[c-nsp] IPsec Tunnel Hairpinned to GRE-over-IPsec tunnel

Hughes, Scott GRE-MG SHughes at GREnergy.com
Wed May 14 22:16:45 EDT 2014


Hello,

I have a router terminating two tunnels, one is a regular IPsec tunnel, and one is a GRE tunnel with IPsec protection. Both tunnels work by themselves, but they cannot communicate with each other.

I remember reading somewhere that you cannot hairpin an IPsec tunnel to a DMVPN tunnel, and it would appear that applies to a regular GRE tunnel as well.

Both tunnels have peer/endpoint addresses on one VRF, with payload traffic on another.

Can anyone tell me if this limitation is documented anywhere, and if there's a workaround, other than to terminate the tunnels on 2 separate routers?

Platform ISR G2, IOS 15.1(4)M8

Thanks,
Scott


NOTICE TO RECIPIENT: The information contained in this message from
Great River Energy and any attachments are confidential and intended
only for the named recipient(s). If you have received this message in 
error, you are prohibited from copying, distributing or using the
information. Please contact the sender immediately by return email and
delete the original message.


 




More information about the cisco-nsp mailing list