01-01-2011 03:07 AM
Hi There,
I was working 10 years ago as network engineer where i used many Cisco products, i finally completly changed of job
But 10 years later, i'm launching a new project where i really need my old network competences... The problem is that i don't remember anything about what i learnt 10 years ago I'm right now taking a look to my old CCIE books to find out how to set Eth interfaces in IOS !! i'm really not proud
I've found out an old 1841 router that i would like tu use as simple GRE VPN concentrator for 3 third party Ethernet/3G bridges with GRE capability.
My 1841 is installed in DMZ of a DSL modem/router with static IP. My third party terminals connect through GSM/EDGE/3G network and get dynamic IPs each new connection.
I just want those 3G bridges to be reachable with local IP addresses on my LAN, security is not critical for this first step.
I have a very good 1000 pages book to read about Cisco IPsec VPN settings for further purposes..
Your help would be very comforting...
I'm sure it's like bike.. i need someone to launch me and everything will come again as clear water
Regards,
Amaury
file : screenshot of GRE config screen from Eth/3G bridge
Solved! Go to Solution.
01-02-2011 02:18 AM
Amaury,
The problem with GRE is that both local and remote endpoint need ot have a static IP otherwsie pure GRE is not capable of sending traffic.
What we have in Cisco world is mGRE (multipoint GRE) which solves the dynamic endpoint IP problem by virtue of NHRP registration process.
That being said, I think you're more likely to succeed under those cirumstances by using IPSec LAN-to-LAN on dymamic crypto map.
That is, If I understand what you're trying to do exactly;-)
Marcin
01-02-2011 02:18 AM
Amaury,
The problem with GRE is that both local and remote endpoint need ot have a static IP otherwsie pure GRE is not capable of sending traffic.
What we have in Cisco world is mGRE (multipoint GRE) which solves the dynamic endpoint IP problem by virtue of NHRP registration process.
That being said, I think you're more likely to succeed under those cirumstances by using IPSec LAN-to-LAN on dymamic crypto map.
That is, If I understand what you're trying to do exactly;-)
Marcin
01-02-2011 02:46 AM
Thank you so much Marcin !
I'm now reading this book from Richard Deal about Cisco VPNs, there is a very good chapter about dynamic crypto map.
I'll try this out Fortunatly my Eth/3G bridges have IPsec capability too.
Happy new year and best wishes.
Amaury
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide