cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1086
Views
0
Helpful
2
Replies

multiple dynamic to single static IP, GRE tunnels

amaury.dailliez
Level 1
Level 1

Hi There,

I was working 10 years ago as network engineer where i used many Cisco products, i finally completly changed of job

But 10 years later, i'm launching a new project where i really need my old network competences... The problem is that i don't remember anything about what i learnt 10 years ago I'm right now taking a look to my old CCIE books to find out how to set Eth interfaces in IOS !! i'm really not proud

I've found out an old 1841 router that i would like tu use as simple GRE VPN concentrator for 3 third party Ethernet/3G bridges with GRE capability.

My 1841 is installed in DMZ of a DSL modem/router with static IP. My third party terminals connect through GSM/EDGE/3G network and get dynamic IPs  each new connection.

I just want those 3G bridges to be reachable with local IP addresses on my LAN, security is not critical for this first step.

I have a very good 1000 pages book to read about Cisco IPsec VPN settings for further purposes..

Your help would be very comforting...

I'm sure it's like bike.. i need someone to launch me and everything will come again as clear water

Regards,

Amaury

file : screenshot of GRE config screen from Eth/3G bridge

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Amaury,

The problem with GRE is that both local and remote endpoint need ot have a static IP otherwsie pure GRE is not capable of sending traffic.

What we have in Cisco world is mGRE (multipoint GRE) which solves the dynamic endpoint IP problem by virtue of NHRP registration process.

That being said, I think you're more likely to succeed under those cirumstances by using IPSec LAN-to-LAN on dymamic crypto map.

That is, If I understand what you're trying to do exactly;-)

Marcin

View solution in original post

2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Amaury,

The problem with GRE is that both local and remote endpoint need ot have a static IP otherwsie pure GRE is not capable of sending traffic.

What we have in Cisco world is mGRE (multipoint GRE) which solves the dynamic endpoint IP problem by virtue of NHRP registration process.

That being said, I think you're more likely to succeed under those cirumstances by using IPSec LAN-to-LAN on dymamic crypto map.

That is, If I understand what you're trying to do exactly;-)

Marcin

Thank you so much Marcin !

I'm now reading this book from Richard Deal about Cisco VPNs, there is a very good chapter about dynamic crypto map.

I'll try this out Fortunatly my Eth/3G bridges have IPsec capability too.

Happy new year and best wishes.

Amaury

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: