Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1340
Views
0
Helpful
0
Comments

GRE packets do not encrypt on an ASA or a PIX Firewall that runs software version 7.x

TCC_2
Level 10
Level 10

on ‎06-22-2009 04:04 PM

Core issue

This issue is due to the presence of Cisco bug ID CSCse36327.

This issue occurs when the IPSec tunnel previously worked and one of these events occurred:

  • The crypto map or Internet Security Association and Key Management Protocol (ISAKMP) is removed and reapplied to the interface.

  • The PIX Firewall or Cisco Adaptive Security Appliance (ASA) is upgraded to version 7.x from version 6.x.

  • The PIX or ASA is rebooted.

  • The remote IPSec peer is rebooted.

What is GRE?

Generic Routing Encapsulation (GRE) is a protocol which is used to encapsulate packets in order to route other protocols over IP network. It was originally developed by Cisco.

GRE is a tunneling tool meant to carry any OSI Layer 3 protocol over an IP network, so a private point-to-point connection is created alike VPN 

Resolution

As a workaround, use a match address statement for the Generic Routing Encapsulation (GRE) traffic. If the crypto map and/or ISAKMP is removed and reapplied, issue the clear local-host command.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents