Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1454
Views
0
Helpful
0
Comments

Cannot establish LAN-to-LAN IPSec/GRE tunnel - Added GRE to existing IPSec tunnel

TCC_2
Level 10
Level 10

on ‎06-18-2009 03:52 PM

Core issue

No crypto debugs appear when trying to initiate the tunnel. IPSec worked before adding generic routing encapsulation (GRE) to the configuration.

Resolution

To add GRE to a working IPSec configuration, follow these steps.

  1. Remove the crypto map from the interface.
  2. Create the tunnel interfaces.

    int tunnel
    ip address private_ip subnet_mask
    tunnel source outside_interface_name
    tunnel destination peer_address
  3. Modify the crypto access list as shown below.

    access-list acl_name permit gre host tunnel_source_ip host peer_address
  4. Use routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.
  5. Reapply the crypto map to the physical interface and the tunnel interface.

For more information, including a sample configuration, see Configuring Router-to-Router IPSec (Pre-shared Keys) on GRE Tunnel with CBAC and NAT.

Cisco IOS Software Version

12.2

12.0

12.1

VPN Tunnel End Points

Router

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents