Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
0
Helpful
1
Replies

IOS VPN with GRE tunnel to Netscreen 500

dkirby
Level 1
Level 1

‎12-10-2005 05:42 AM - edited ‎02-21-2020 02:08 PM

Hi,

I am trying to configure a VPN from a 1841 to Netscreen 500 and then running a GRE tunnel between the 2 for use with OSPF.

I have never configured a VPN on a IOS router before and am having problems with Phase 2 failing.

Can anyone point me in the direction of some good documentation for configuring IOS based VPN with GRE. I have found some documenation for configuring a PIX to Netscreen but this is using policy based VPN's and not route based which is what im trying to configure

Many Thanks

Labels:
0 Helpful
1 Reply 1

aacole
Level 5
Level 5

‎12-10-2005 11:15 AM

Hi,

Here is a basic IOS configuration for encrypting a GRE tunnel.

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key secret-key address x.x.x.x

!

crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac

mode transport

!

crypto map CryptoMap 1 ipsec-isakmp

set peer 1.2.3.4

set transform-set VPNsSet

match address 101

!

interface Serial0

crypto map CryptoMap

!

!

access-list 101 permit gre any any

int t0

ip mtu 1416

ip addr 10.1.1.1 255.255.255.0

tunnel source ! These addresses need to be globally

tunnel dest ! routable

Router ospf 1

network 10.1.1.0 0.0.0.255 area 0

The way this works is that the OSFP process provides routing across the GRE tunnel. So packets that need to get to the remote network have the next hop set to that of the remote tunnel endpoint. They get encapsulated by GRE, then the crypto ACL 101 matches the GRE packets and they get encrypted.

Hope this helps,

Andy

0 Helpful
Customers Also Viewed These Support Documents