GRE and IPSec tunnel endpoints

a-greaves · ‎02-04-2005

I have a remote router terminating both a GRE tunnel and an IPSec tunnel.

The other endpoints for these tunnels terminate on another Router (GRE) and 3000VPN Concentrator (IPSec) at a Central location, but on the same Ethernet subnet.

Both tunnels come online no problem and I can connect users to servers etc. The problem is that the traffic outbound from the central location uses the IPSec tunnel, but the traffic from the remote location is using the GRE tunnel i.e. is not getting encrypted, but reaches its destination.

I've set it up this way because the central Router isn't IPSec capable and we had to use the existing VPN.

Is there any way to get the remote traffic encrypted ?

regards

Andy Greaves

Richard Burts · ‎02-04-2005

I am not clear why you need the GRE tunnel. Can you explain more about why you need the GRE tunnel?

I am guessing from the information presented that the remote router has a route in its routing table which says that your network is reachable with the next hop address being the address of the GRE tunnel end point. I would suggest that you set up the remtoe so that its route to your network has the next hop address as the IPSec peer, and a route that specifies that the IPSec peer is reachable with the next hop address being the end point of the GRE tunnel.

HTH

Rick

HTH

Rick

a-greaves · ‎02-07-2005

Rick,

The GRE tunnel is to get the OSPF accross to the remote Router. This way I can have a resilient setup. If the WAN fails (OSPF is lost),the remote Router uses a floating static out its ISDN.

I'll try your suggestion.

Andy