Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
946
Views
6
Helpful
19
Replies

GRE tunneling

Go to solution
ColForbin
Level 1
Level 1

‎09-06-2025 03:53 AM

I have a remote site I need to make some tunneling changes to. It connects back to the core router by way of a layer 3 circuit to another remote location that has a dedicated p2p to the core. R1<>L3circuit<>R2<>leasedline<>R3core

R1-R2have a gre tunnel.  L3 circuit is just transport the isp does no routing. 

i need to encrypt traffic from R1 to R3 and back. 2 questions naturally

what’s the best way to accomplish if that means replacing hardware so be it

and two, best way given constraints of current hardware?

 

 

 

Labels:
19 Replies 19

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎09-06-2025 11:45 AM

R2 use static route egress direct connect to R3 to learn R3 LO 

In R2 

Ip route 3.3.3.3 255.255.255.255 <R3 IP of interface connect to R2>

Go to solution
ColForbin
Level 1
Level 1
In response to MHM Cisco World

‎09-06-2025 01:48 PM

Makes sense...loopbacks are the key, need to test it out and report back, need some time but thanks for the advice regardless, its a different way of looking at it.

Go to solution
MHM Cisco World
VIP
VIP
In response to ColForbin

‎09-06-2025 01:50 PM

You are so welcome 

MHM

0 Helpful

Go to solution
ColForbin
Level 1
Level 1
In response to MHM Cisco World

‎09-08-2025 07:36 AM

Well only way I can ping R1 loopback from R3 is to source from the loopback which should be ok because that’s my source on the new tunnel. Tunnel comes up. 
If I do just a gre:

Sh int tunn2 from R3 shows mtu 1476

sh int tunn2 from R1 shows mtu 1452 so double encaps. 

If I do a dmvpn setup it’s the same. 

with vti tunnel comes up but I can’t ping the tunnel addresses. Regardless of that the r1 mtu shows 1476. Vti allows my r3 to come up with no encapsulation so it’s showing 1500 which is fantastic. But the other end on r1 is 1476 so it is encapsulating that underlay tunnel. 

Any other thoughts feel free to reach out. Thanks for the time much appreciated. 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ColForbin

‎09-08-2025 08:31 AM - edited ‎09-08-2025 08:32 AM

""R1-R2have a gre tunnel.  L3 circuit is just transport the isp does no routing. 

i need to encrypt traffic from R1 to R3 and back. 2 questions naturally""

This your requirements and it need mandatory two tunnel.

Since we use two tunnel R1 must do dual encap' other routers only have one encap

To test ping from R1 to R3 you need to specify LO to check underlying abd you can use tunnel IP to check overlying 

MHM

0 Helpful
Customers Also Viewed These Support Documents