GRE tunnel over L2L VPN in 9.x ASA

jtcollins
Level 1

I am having trouble getting a GRE tunnel up over a VPN tunnel on a 5555X ASA. This worked in the past on a pre-8.3 OS but I have not been able to solve it in the 9.x environment. I am seeing the following error:

%ASA-3-106010: Deny inbound protocol 47 src

2 Replies

Hi,

Make sure the outside-to-inside ACL is applied for GRE. I think the link below can help.

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

pranesh

Itzcoatl Espinosa
Cisco Employee

Hi,

The error may appear as GRE (protocol 47) cannot pass through a PAT (dynamic NAT) on the ASA. I would recommend configuring a static translation.

- Avoid NAT statements with the 'any' keyword.

- For NAT identity rules (self-translation), add the no-proxy-arp and route-lookup keywords.

- Verify there is a route for the destination.

Thanks,

Itzcoatl Espinosa
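
The configuration points from the replies above, as an added ASA 9.x sketch that is not part of either reply. The interface names (inside, outside), the object and ACL names, and every address are constructed assumptions for illustration.

```cisco
! Constructed example values: interface names, object names, ACL name and
! all addresses are assumptions, not taken from the thread.
object network GRE-LOCAL
 host 10.10.0.1
object network GRE-REMOTE
 host 10.20.0.1
!
! Pattern the second reply advises against: a broad dynamic PAT rule using
! 'any', which also catches traffic from the GRE endpoint.
!   nat (inside,outside) source dynamic any interface
!
! Identity (self-translation) rule for the two GRE endpoints, with the
! no-proxy-arp and route-lookup keywords. Manual NAT rules are matched in
! order, so this line has to sit above any dynamic rule that would
! otherwise match the same traffic.
nat (inside,outside) source static GRE-LOCAL GRE-LOCAL destination static GRE-REMOTE GRE-REMOTE no-proxy-arp route-lookup
!
! Outside-to-inside ACL entry for GRE, as the first reply suggests.
access-list OUTSIDE-IN extended permit gre object GRE-REMOTE object GRE-LOCAL
access-group OUTSIDE-IN in interface outside
!
! Route for the destination (next hop is a placeholder address).
route outside 10.20.0.1 255.255.255.255 203.0.113.1
!
! Checks: confirm the identity rule is present and taking hits, and that
! the destination appears in the routing table.
show nat detail
show route
```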
