02-28-2006 09:15 AM - edited 02-21-2020 02:17 PM
Hello,
I am setting up a vpn between the above routers. I am using the VTI method with a tunnel interface. I have the tunnel up right now using the default GRE mode. Now I want to use ipsec, I have everything set up but need to turn on ipsec for the tunnel mode. This works on the 3640, however this option isn't listed in the 3660. Here is what I get doing a "tunnel mode ?"
aurp AURP TunnelTalk AppleTalk encapsulation
cayman Cayman TunnelTalk AppleTalk encapsulation
dvmrp DVMRP multicast tunnel
eon EON compatible CLNS tunnel
gre generic route encapsulation protocol
ipip IP over IP encapsulation
iptalk Apple IPTalk encapsulation
ipv6ip IPv6 over IP encapsulation
mpls MPLS encapsulations
nos IP over IP encapsulation (KA9Q/NOS compatible)
The second command I need:
"tunnel protection ipsec profile"
works on both routers, but the tunnel won't come back up because one side is gre and the other is ipsec.
The ios version of the 3660 is 12.3(17a)
The ios version of the 3640 is 12.4(3a)
thank you,
02-28-2006 08:20 PM
Wonder what feature set you have on the 3660. You will need IP Plus IPSec 3Des or Enterprise Plus IPSec 3DES image. You can upgrade the image and see if it works.
Or If both sides can do IPSec, you can probably do plain simple GRE over IPSec instead of VTI
03-01-2006 11:57 AM
Thanks,
I thought I had the right feature set because I made an ipsec tunnel with a different method (crypto map applied to an interface) on the same router. I actually fixed it with an ios upgrade (new version same features). Maybe I had a buggy IOS? The gre tunnels do work, but I wanted something a little more secure.
thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide