
GRE tunnel through ASA, no PPTP, L2TP, IPsec

GrimnirMsk_2

Hello!

I can't understand how to configure a GRE tunnel through an ASA.

I have one router with a public IP, connected to the internet.

An ASA 8.4 with a public IP, connected to the internet.

A router with a private IP behind the ASA.

I have only one public IP on the ASA, with a /30 mask.

I have no crypto.

I have a network behind the ASA and PAT for internet users.

Can't NAT GRE? Because only TCP/UDP is NATed(?)

With packet-tracer I see the flow is already created, but the tunnel doesn't work.


You don't need any NAT if you can route your traffic. Just make sure that the outside router has a route to the private IP of the inside router and the inside router has a route to the public IP of the outside router. Then allow GRE in the ACLs of the ASA for these IPs.


I think internet providers won't want to route traffic to my inside router's private IP.

Even if I write a route through the internet to my inside router's private IP.

Scheme:

R1(public) - internet - (public) ASA (private) - (private) R2

Oh, I thought your public router is directly in front of your ASA. There you wouldn't need any NAT.

With the router being remote, you can do a 1:1 NAT on the ASA for the internal IP.


I have only one public IP on the ASA, with a /30 mask.

I have a network behind the ASA and PAT for internet users.

A "clean" way would be to use a protocol that can be PATted. That could be GRE over IPSec. With that you have the additional benefit that your communication is protected through the internet.
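
An added example, not part of the original thread: a toy PAT table showing why plain GRE (IP protocol 47) gives a port translator nothing to key on, while IPsec carried in UDP (NAT-T on port 4500, which is how IPsec normally crosses PAT) does. The addresses, the port pool and the TCP/UDP-only translation model are constructed assumptions, not taken from the poster's network or from ASA internals.

```python
import struct

TCP, UDP, GRE = 6, 17, 47      # IP protocol numbers
PAT_IP = "198.51.100.2"        # constructed: the ASA's single public address

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; unused by this model)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr + payload

def flow_key(packet):
    """Return (proto, src_ip, src_port), or None if the protocol has no ports."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    if proto not in (TCP, UDP):
        return None            # plain GRE: no port field after the IP header
    (sport,) = struct.unpack("!H", packet[ihl:ihl + 2])
    return (proto, src, sport)

class Pat:
    """Toy many-to-one port address translation table (assumed model)."""
    def __init__(self):
        self.out, self.back, self.next_port = {}, {}, 20000

    def translate(self, packet):
        key = flow_key(packet)
        if key is None:
            return None        # no translation entry can be built
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(key[0], self.next_port)] = key[1:]
            self.next_port += 1
        return (key[0], PAT_IP, self.out[key])

    def untranslate(self, proto, mapped_port):
        """Map return traffic back to the inside (src_ip, src_port)."""
        return self.back.get((proto, mapped_port))

# Constructed packets from inside router R2 (192.168.1.2) to R1 (203.0.113.1).
gre_pkt = ipv4(GRE, "192.168.1.2", "203.0.113.1", struct.pack("!HH", 0, 0x0800))
natt_pkt = ipv4(UDP, "192.168.1.2", "203.0.113.1",
                struct.pack("!HHHH", 4500, 4500, 8, 0))  # UDP header of ESP-in-UDP

def demo():
    pat = Pat()
    return pat.translate(gre_pkt), pat.translate(natt_pkt), pat.untranslate(UDP, 20000)

if __name__ == "__main__":
    print(demo())
```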