cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
839
Views
0
Helpful
3
Replies

Cisco 7204VXR to Smoothwall GRE tunnel

mudvayne15
Level 1
Level 1

Hi everyone, 

 

Is there anyone who had luck establishing a GRE tunnel to smoothwall? My interface still shows up/down and its hard to find a resource on how to configure GRE tunnel on these devices. Appreciate if you can point out my mistake. Thank you

 

I am able to ping the public IP 1.1.1.1  on the smoothwall. 

 

crypto isakmp policy 3000
encr aes 256
authentication pre-share
group 2
lifetime 28800

!
crypto keyring keyring-vpn-test1
local-address 2.2.2.2
pre-shared-key address 1.1.1.1 key testkey
!
crypto isakmp profile isakmp-vpn-test1
keyring keyring-vpn-test
match identity address 1.1.1.1 255.255.255.255
local-address 2.2.2.2
!
!
crypto ipsec transform-set ipsec-prop-vpn-test1 esp-aes esp-sha-hmac
!
crypto ipsec profile ipsec-vpn-test1
set transform-set ipsec-prop-vpn-test1
set pfs group2
!
interface Tunnel1
ip address 10.255.255.5 255.255.255.252
ip virtual-reassembly
ip tcp adjust-mss 1379
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec-vpn-test1
!

ip route 10.20.0.0 255.255.0.0 10.255.255.6

3 Replies 3

mudvayne15
Level 1
Level 1

I attached the smoothwall settings. 

Hi,

If you want to establish a GRE tunnel to the smoothwall you would need to change the tunnel mode from ipsec ipv4. The default is GRE, so just remove ipsec ipv4. E.g:-

 

interface Tunnel1
no tunnel mode ipsec ipv4

 

HTH

Hello,

 

Thank you for your help. However I am getting this on my logs. 

 

.Sep 20 07:09:57: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer
.Sep 20 07:11:07: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer
.Sep 20 07:12:09: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer
.Sep 20 07:13:27: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer
.Sep 20 07:14:37: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer
.Sep 20 07:15:47: %CRYPTO-4-IKMP_NO_SA: IKE message from 1.1.1.1 has no SA and is not an initialization offer

 

I also have corrected my Phase 2 to match the smoothwall settings but no luck. 

 

crypto ipsec transform-set ipsec-prop-vpn-test1 esp-3des esp-md5-hmac

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: