On 26/10/11 14:15, Persio Pucci wrote:
Hi all,
I am trying to get a GRE tunnel to work over IPSEC but as expected I am
running into problems, just not the expected ones.
Phase 1 is fine and established, Phase 2 is fine, SAs are in place. We can
mutually ping our loopbacks, and we see encaps/decaps increasing as we ping
the loopbacks. This all means that the IPSEC part is done and working.
Now the s****y part: GRE tunnel will not work. Tunnel has simple
source/destination config, with proper IP addressing, but no good.
Outgoing interface is on a VRF, so are Loopback and Tunnel (all on the same
VRF). Removed keepalive from tunnel due to VRF. Still no good.
This is a horribly tedious mess of nonsense on IOS platforms, and poorly
documented to boot. One of my colleagues has spent countless hours with
it...
What hardware / IOS versions?
Can you give the full IPSec & GRE config?
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
