
encrypt traffic thru GRE

cfajardo1_2
Level 1

SCENARIO:

-3800X2 connected thru leased line

-routing prot is RIP

-vpn with gre configured

-(access-list permit gre host 192.168.1.1 host 192.168.1.2)

OBSERVATION:

-without transferring any traffic from point lanA to point lanB, sh crypto ipsec sa will show packets encrypted, which I could say are the RIP updates.

-pinging from lanA to lanB doesn't make any difference in the packets encrypted and decrypted in the SHOW CRYPTO IPSEC SA. Encrypted traffic is increased but they are from the RIP updates (not from my continuous ping)

QUESTION:

-how will I encrypt my traffic from lanA to lanB?

2 Replies

ajagadee
Cisco Employee

In order to encrypt traffic from LanA to LanB, traffic has to flow across the GRE Tunnel first and then GRE will be encrypted by IPSEC.

So, if you do a show ip route xxx for LanB on the LanA router, does it point to the tunnel? If this deployment is in production and you do not want to play with the dynamic routing table to test, can you add a simple static route just for one host to point to the GRE Tunnel and test it?

I hope it helps

Regards,

Arul

** Please rate if it helps **
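
The check suggested in the reply above, written out as IOS commands. This is an added example, not part of the original thread: the interface name Tunnel0 and the lanB test host 10.2.2.10 are assumed placeholders, and only the GRE endpoints 192.168.1.1 and 192.168.1.2 come from the original post.

```cisco
! Run on the lanA router. Tunnel0 and 10.2.2.10 are assumed placeholders.
!
! 1. See which interface the route to the lanB host currently uses.
!    If it points at the leased-line interface rather than Tunnel0, the
!    packet is never GRE-encapsulated, so the crypto ACL
!    (permit gre host 192.168.1.1 host 192.168.1.2) does not match it
!    and it leaves the router unencrypted.
show ip route 10.2.2.10
!
! 2. Record the baseline counters (#pkts encaps / #pkts encrypt).
show crypto ipsec sa
!
! 3. Send one test host through the GRE tunnel with a static host route,
!    leaving the RIP-learned routes for everything else untouched.
configure terminal
 ip route 10.2.2.10 255.255.255.255 Tunnel0
end
!
! 4. Confirm the host route is installed and points at the tunnel.
show ip route 10.2.2.10
!
! 5. Send a known number of packets and compare with the baseline.
!    #pkts encrypt should rise by roughly the number of packets sent.
!    #pkts decrypt only rises by the same amount if the lanB router
!    also routes the replies back through its tunnel.
ping 10.2.2.10 repeat 100
show crypto ipsec sa
!
! 6. Remove the test route once the result is recorded.
configure terminal
 no ip route 10.2.2.10 255.255.255.255 Tunnel0
end
```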

RIP route remains and I could reach the other end. There's no problem with the connectivity now and I could see the isakmp sa and ipsec sa doing their job.

The problem is we have to make sure that traffic between lanA and lanB is secured. I couldn't see that in SH CRYPTO IPSEC SA. I could see only a few, which I guess are the RIP-related thing coz it does increase only after say 40 sec.