Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
503
Views
0
Helpful
2
Replies

GRE over IPSec weired problem

alv84
Level 1
Level 1

‎06-04-2022 11:44 AM - edited ‎06-05-2022 01:03 AM

hello everyone! it's first post and fun. 

i have tried to set up a simple scenario for GRE over IPSec tunneling between a Cisco c2800 and a Mikrotik RB951ui-2hnd. the two are connected directly through their physical ports; fa0/0 on cisco to ether1 on mikrotik. i have attached the configuration files for easy verification. 

i am really wondering why this happens since if i replace mikrotik with cisco everything is fine and the tunnel never drops. please help me calrify this.

so many thanks. 

Labels:
Preview file
1 KB
Preview file
3 KB
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎06-05-2022 09:04 AM - edited ‎06-05-2022 09:06 AM

@alv84 is the tunnel interface up on the cisco end?

I see you've got PFS configured on the Cisco router, but I can see no mention of it in the mikrotik configuration. Remove it from the Cisco device and try again, it's optional.

Enable isakmp debugs on the cisco router and provide the output for review.

0 Helpful

alv84
Level 1
Level 1
In response to Rob Ingram

‎06-08-2022 10:08 PM

@Rob Ingram thank you and sorry for late reply. i fixed that pfs option but the issue was not that. the problem was:

1) ipsec acl on cisco

2) ipsec policy parameters on mikrotik

it is now resolved. 

regards. 

0 Helpful
Customers Also Viewed These Support Documents