[c-nsp] GRE over IPSEC wtf?!
Persio Pucci
persio at gmail.com
Wed Oct 26 09:15:04 EDT 2011
Hi all,
I am trying to get a GRE tunnel to work over IPSEC but as expected I am
running into problems, just not the expected ones.
Phase 1 is fine and established, Phase 2 is fine, SAs are in place. We can
mutually ping our loopbacks, and we see encaps/decaps increasing as we ping
the loopbacks. This all means that the IPSEC part is done and working.
Now the s****y part: GRE tunnel will not work. Tunnel has simple
source/destination config, with proper IP addressing, but no good.
Outgoing interface is on a VRF, so are Loopback and Tunnel (all on the same
VRF). Removed keepalive from tunnel due to VRF. Still no good.
Any ideas?
Persio
More information about the cisco-nsp
mailing list