[c-nsp] IPsec Tunnel Hairpinned to GRE-over-IPsec tunnel

Hughes, Scott GRE-MG SHughes at GREnergy.com
Wed May 14 23:40:43 EDT 2014


Erm, never mind. My lack of connectivity was due to a routing protocol issue. The scenario below seems to work (at least in GNS3).

On May 14, 2014, at 9:16 PM, Hughes, Scott GRE-MG <SHughes at GREnergy.com> wrote:

> Hello,
> 
> I have a router terminating two tunnels, one is a regular IPsec tunnel, and one is a GRE tunnel with IPsec protection. Both tunnels work by themselves, but they cannot communicate with each other.
> 
> I remember reading somewhere that you cannot hairpin an IPsec tunnel to a DMVPN tunnel, and it would appear that applies to a regular GRE tunnel as well.
> 
> Both tunnels have peer/endpoint addresses on one VRF, with payload traffic on another.
> 
> Can anyone tell me if this limitation is documented anywhere, and if there's a workaround, other than to terminate the tunnels on 2 separate routers?
> 
> Platform ISR G2, IOS 15.1(4)M8
> 
> Thanks,
> Scott
> 
> 
> NOTICE TO RECIPIENT: The information contained in this message from
> Great River Energy and any attachments are confidential and intended
> only for the named recipient(s). If you have received this message in 
> error, you are prohibited from copying, distributing or using the
> information. Please contact the sender immediately by return email and
> delete the original message.