
GRE Over IPSEC Over 3G With Dynamic Ip

Cameron Prior
Level 1

Hey Guys

I am struggling with an issue at the moment and was hoping to get an answer from someone who has done this type of thing before.

Here is a general outline of what I am trying to achieve

[Attached image: Problems.jpg]

The Remote office needs to connect to the IPSEC router in a secure gateway environment (due to restrictions) - This part is working fine

The Remote office then needs to establish a GRE tunnel to the Anchor router behind the ipsec router

The problem is, the remote router is running a 3G wireless connection that has a dynamic IP address allocated to it. Since you need a source and destination address to bring up a GRE tunnel, this seems impossible.

Could I use NHRP or VTIs to get this to work?

If you need any more information just ask.

Cheers

Cameron

Message was edited by: Cameron Prior

I have also attached a larger picture

5 Replies

fsebera
Level 4

Hey Cameron,

I use DMVPN to establish VPN tunnels with remote dynamic addressing clients. In my setup as I understand it, only the "HUB" needs a static address.

Also, you may want to look at IPsec over GRE if you are trying to establish two tunnels on that remote client. Keep in mind older IOS does not support IPsec over GRE, only GRE over IPsec.

Hope this helps

Frank

Cameron, Frank,

Is it required that we terminate IPsec and GRE on HQ side on two separate devices?

If not DMVPN could be a solution as Frank suggests.

If so, dynamic crypto map + RRI on HQ side could be a possibility (with isakmp profile and separate "match" statements if required). And plain GRE ;-)

It's not as elegant as DMVPN but would allow you to terminate GRE and IPsec in two different places.

Marcin

Cameron Prior
Level 1

Oki Doki

I have managed to work this out using a Dual Tier Headend approach.

Basically I created a loopback on the Remote Office Router.

I then created a tunnel interface on both Remote and Anchor Routers.

I then added some static routes into all three routers to point traffic down the tunnel.

Hey Presto it works

Thanks for your help my friends

If anyone would like to see some configs of how I managed to get it to work, just shoot me an email.

Cheers
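
The approach described in the post above, sketched as an added IOS example; these are not the configs Cameron attached. Every address, the `Cellular0` interface name, the `GRE-TO-ANCHOR` ACL name and the LAN prefixes are constructed for illustration, and the working IPsec configuration itself is assumed to exist already.

```cisco
! ===== Remote office router (3G, dynamic public address) =====
interface Loopback0
 description Fixed GRE endpoint, independent of the 3G-assigned address
 ip address 10.255.0.2 255.255.255.255
!
interface Tunnel0
 description GRE to Anchor router, carried inside the IPsec tunnel
 ip address 172.16.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.1.1.1
!
! Crypto ACL referenced by "match address" in the existing crypto map:
! only GRE between the two fixed endpoints is encrypted.
ip access-list extended GRE-TO-ANCHOR
 permit gre host 10.255.0.2 host 10.1.1.1
!
! The tunnel destination must be reached via the 3G interface (where the
! crypto map is applied), never via Tunnel0, or the tunnel routes recursively.
ip route 10.1.1.1 255.255.255.255 Cellular0
! HQ networks behind the Anchor router go down the GRE tunnel.
ip route 10.10.0.0 255.255.0.0 Tunnel0
!
! ===== IPsec router (secure gateway) =====
! Needs the mirror image of GRE-TO-ANCHOR as its crypto ACL, plus a route
! for 10.255.0.2/32 pointing out its outside interface. With a dynamic
! crypto map, "reverse-route" (RRI) can install that route when the SA
! comes up, as suggested earlier in the thread.
!
! ===== Anchor router (behind the IPsec router) =====
interface Tunnel0
 description GRE to Remote office loopback
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.1.1.1
 tunnel destination 10.255.0.2
!
! Remote loopback is reached through the IPsec router's inside address.
ip route 10.255.0.2 255.255.255.255 10.1.1.254
! Remote office LAN goes down the GRE tunnel.
ip route 192.168.50.0 255.255.255.0 Tunnel0
```

Because the Anchor router only ever targets the remote loopback, a change of the 3G address affects the IPsec peer relationship but not the GRE endpoints.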

Cameron,

Can I suggest to attach the configs (minus any public IPs/hostnames) to your last post as attachments? :-)

Marcin

Cameron Prior
Level 1

Here are the configs I used my friends

Enjoy