Solved: Re: creating gre-tunnel in Cisco ISR by template

ahmad.rz · ‎10-14-2019

Hello everyone,

I'm trying to create gre-tunnel over cisco isr4351 with template in vmanage. but after searching and watching related videos it's possible to create gre's only over vedge and vedge-cloud routers. But there isn't any similar template for cisco routers. Anyone can help about this case ?

Be quick and careful!

Captain HoOmi · ‎10-15-2019

Hi Ahmad,

I had the same issue and unfortunately GRE tunnels not yet supported on ISRs in Cisco SDWAN, the IOS XE SDWAN does not support it yet (see below). Only supported on Viptela vEdge routers. I asked Cisco and they're saying the feature is coming by the end of this year.

https://sdwan-docs.cisco.com/Product_Documentation/Getting_Started/Release_Notes_for_IOS_XE_SD-WAN_Release_16.10_and_SD-WAN_Release_18.4

SD-WAN Features Not Supported on IOS XE Devices

Cloud Express service
Cloud onRamp service
Standard IPsec with IKE version 1 or IKE version 2 for service-side connections
IPsec/GRE cloud proxy
IPv6 on transport connections
NAT pools on service-side connections
Reverse proxy

** Please rate this post or accept the solution if it helped! :) **

View solution in original post

Captain HoOmi · ‎10-15-2019

Hi Ahmad,

I had the same issue and unfortunately GRE tunnels not yet supported on ISRs in Cisco SDWAN, the IOS XE SDWAN does not support it yet (see below). Only supported on Viptela vEdge routers. I asked Cisco and they're saying the feature is coming by the end of this year.

https://sdwan-docs.cisco.com/Product_Documentation/Getting_Started/Release_Notes_for_IOS_XE_SD-WAN_Release_16.10_and_SD-WAN_Release_18.4

SD-WAN Features Not Supported on IOS XE Devices

Cloud Express service
Cloud onRamp service
Standard IPsec with IKE version 1 or IKE version 2 for service-side connections
IPsec/GRE cloud proxy
IPv6 on transport connections
NAT pools on service-side connections
Reverse proxy

** Please rate this post or accept the solution if it helped! :) **

ahmad.rz · ‎10-15-2019

Thanks @Captain HoOmi for reply.

So according to reference you gave, "IPSec/Gre Cloud proxy" is same as "Gre Tunnel"?

And something else, the link is for release note 18.4 but now there is a 19.2 release too.

Be quick and careful!

Captain HoOmi · ‎10-15-2019

I checked the release notes, support for IPsec has been added but not GRE only.

"Standard IPSEC support–This release provides support for standard IPSEC (IKEv1/IKEv2) tunnels over a service VPN for IOS-XE SD-WAN routers."

** Please rate this post or accept the solution if it helped! :) **

ahmad.rz · ‎10-15-2019

Yeah IPSec is in templates but there isn't any sign of GRE.

Really it's WORSE!!

Be quick and careful!

Captain HoOmi · ‎10-16-2019

Exactly, hopefully GRE support will be added soon. I really appreciate if you can please select my previous reply as solution ( I know it doesn't solve your issue but will be an answer for other people having same issue)

** Please rate this post or accept the solution if it helped! :) **

ahmad.rz · ‎10-16-2019

Sure why not.

Be quick and careful!

Florian Stroemmer · ‎10-17-2019

I'm facing the same problem. Our customer wants to setup a tunnel to Zscaler cloud proxy and I'd like to use GRE to not put additional burden on the router having to IPsec-encapsulate the web-bound traffic but, as you already mentioned, GRE is not yet supported andso we have to use IPsec (at least for the momen).

My local Cisco SE and TAC engineers told me that there will be no new features until March 2020 as they concentrating on fixes defects now.

CCIE #37979 (R/S)

JMobley · ‎06-25-2020

hi Guys,

Can you confirm this is now available in IOS version 17.02.01 (ISR 4431)? We'd like to leverage Zescaler Internet Access, leveraging GRE tunnels. In addition, we'd like to use transport-side tunnels. The source and destination and the GRE tunnel interface itself resides in the transport VPN (VPN 0).

Thank you in advance

Florian Stroemmer · ‎07-23-2020

Based on the release notes for SDWAN IOS XE 17.2, GRE tunnels are now available on cEdges but I haven't had the chance yet to configure it myself

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-secure-internet-gateway.html#Cisco_Concept.dita_9ca1cf60-fc31-4ce4-8f88-8569f0cdc813

CCIE #37979 (R/S)

Naseer Anjan · ‎11-24-2021

is it supportable now ?

svemulap@cisco.com · ‎11-24-2021

Yes, Naseer.
Enclosed screenshot from 17.6 / 20.6 vManage.

[cid:984CB7A7-6D58-474A-8C87-9FA6A0EBDFA6]

Naseer Anjan · ‎11-25-2021

Thanks for your reply.. I added GRE tunnel using cli template on cedge ISR (version 17.5.1a and vManage 20.5.1) but i am unable to ping other end GRE tunnel IP. GRE tunnel seems up but no input packet only output count getting increase.