topic Re: GRE through PIX in Network Security https://community.cisco.com/t5/network-security/gre-through-pix/m-p/86718#M661461 <HTML><HEAD></HEAD><BODY><P>Here is a sample config you can use as template to check;</P><P></P><P>Configuring IPSec/GRE with NAT through PIX</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/ipsecgrenat.html" target="_blank">http://www.cisco.com/warp/public/707/ipsecgrenat.html</A></P><P></P><P>HTH</P><P>R/Yusuf</P></BODY></HTML> Thu, 18 Jul 2002 09:22:49 GMT yusuff 2002-07-18T09:22:49Z GRE through PIX https://community.cisco.com/t5/network-security/gre-through-pix/m-p/86717#M661451 <P></P><P>Hi,</P><P>I want to run GRE between two routers. The diagram is as such:</P><P></P><P></P><P> -------------IPSec---------------------- </P><P>3640-------------PIX------------------------------------2600---------</P><P> 10.1.1.252 117.17.36.217 117.17.34.230 10.1.5.251</P><P></P><P></P><P></P><P>on the PIX, the configuration is:</P><P></P><P>static (inside,outside) 117.17.36.217 10.1.1.252 netmask 255.255.255.255 0 0</P><P>conduit permit gre host 117.17.36.217 host 117.17.34.230</P><P>conduit permit gre host 117.17.34.230 host 117.17.36.217</P><P></P><P></P><P>on the 2600:</P><P></P><P>ip nat inside source route-map nonat interface Serial0/0.1 overload</P><P>route-map nonat permit 10</P><P> match ip address 130</P><P></P><P>access-list 130 deny ip 10.1.5.0 0.0.0.255 10.0.0.0 0.255.255.255</P><P></P><P>access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 (crypto access-list)</P><P></P><P>interface Tunnel1</P><P> ip address 192.168.100.1 255.255.255.0</P><P> tunnel source 117.17.34.230</P><P> tunnel destination 117.17.36.217</P><P></P><P></P><P>on the 3640:</P><P>interface Tunnel1</P><P> ip address 192.168.100.2 255.255.255.0</P><P> tunnel source 10.1.1.252</P><P> tunnel destination 117.17.34.230</P><P></P><P></P><P>IPSec between the PIX and 2600 is running fine. The networks behind the PIX and 2600 are NAT-ed.</P><P>The IP for the tunnel on the PIX is unique (no PAT).</P><P></P><P>I cannot ping through the tunnel. What's wrong with this?</P><P>Souldn't the tunnel packets be excluded from IPSec encryption?</P><P></P><P></P><P>I appreciate any input; thanks </P> Fri, 21 Feb 2020 06:10:08 GMT https://community.cisco.com/t5/network-security/gre-through-pix/m-p/86717#M661451 pax_2111 2020-02-21T06:10:08Z Re: GRE through PIX https://community.cisco.com/t5/network-security/gre-through-pix/m-p/86718#M661461 <HTML><HEAD></HEAD><BODY><P>Here is a sample config you can use as template to check;</P><P></P><P>Configuring IPSec/GRE with NAT through PIX</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/ipsecgrenat.html" target="_blank">http://www.cisco.com/warp/public/707/ipsecgrenat.html</A></P><P></P><P>HTH</P><P>R/Yusuf</P></BODY></HTML> Thu, 18 Jul 2002 09:22:49 GMT https://community.cisco.com/t5/network-security/gre-through-pix/m-p/86718#M661461 yusuff 2002-07-18T09:22:49Z