[c-nsp] GRE over IPSEC wtf?!
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 26 09:21:42 EDT 2011
On 26/10/11 14:15, Persio Pucci wrote:
> Hi all,
>
> I am trying to get a GRE tunnel to work over IPSEC but as expected I am
> running into problems, just not the expected ones.
>
> Phase 1 is fine and established, Phase 2 is fine, SAs are in place. We can
> mutually ping our loopbacks, and we see encaps/decaps increasing as we ping
> the loopbacks. This all means that the IPSEC part is done and working.
>
> Now the s****y part: GRE tunnel will not work. Tunnel has simple
> source/destination config, with proper IP addressing, but no good.
>
> Outgoing interface is on a VRF, so are Loopback and Tunnel (all on the same
> VRF). Removed keepalive from tunnel due to VRF. Still no good.
This is a horribly tedious mess of nonsense on IOS platforms, and poorly
documented to boot. One of my colleagues has spent countless hours with
it...
What hardware / IOS versions?
Can you give the full IPSec & GRE config?
More information about the cisco-nsp
mailing list