GRE Tunnel with IPSEC
Here is an example configuration of a GRE tunnel encapsulated with IPSEC.
#Near Router:
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
! Pre-shared key for the far side address
crypto isakmp key 6 CRYPTO-Map-Sample address 192.168.1.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set CRYPTO-Map-Sample esp-aes 256 esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map CRYPTO-Map-Sample 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set CRYPTO-Map-Sample
match address CRYPTO-Map-Sample
qos pre-classify
!
interface Tunnel10
description "GRE Tunnel"
ip address 172.16.1.1 255.255.255.248
tunnel source FastEthernet1/1
tunnel destination 192.168.1.2
!
interface FastEthernet1/1
ip address 192.168.1.1 255.255.255.248
no keepalive
crypto map CRYPTO-Map-Sample
!
! All traffic will be in the tunnel
ip access-list extended CRYPTO-Map-Sample
permit eigrp any any
permit ip any any
permit tcp any any
permit udp any any
!
router eigrp 100
network 172.16.1.0 0.0.0.7
network 192.168.1.0 0.0.0.7
no auto-summary
----------------------------------------------
#Far Router
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
! Pre-shared key for the near side address
crypto isakmp key 6 CRYPTO-Map-Sample address 192.168.1.1
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set CRYPTO-Map-Sample esp-aes 256 esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map CRYPTO-Map-Sample 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set CRYPTO-Map-Sample
match address CRYPTO-Map-Sample
qos pre-classify
!
interface Tunnel10
description "GRE Tunnel"
ip address 172.16.1.2 255.255.255.248
tunnel source FastEthernet1/1
tunnel destination 192.168.1.1
!
interface FastEthernet1/1
ip address 192.168.1.2 255.255.255.248
no keepalive
crypto map CRYPTO-Map-Sample
!
! All traffic will be in the tunnel
ip access-list extended CRYPTO-Map-Sample
permit eigrp any any
permit ip any any
permit tcp any any
permit udp any any
!
router eigrp 100
network 172.16.1.0 0.0.0.7
network 192.168.1.0 0.0.0.7
no auto-summary
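
The configuration above negotiates Diffie-Hellman group 2 for IKE and authenticates ESP with MD5. The fragment below is an added example, not part of the original configuration: a variant of the Near Router crypto settings with stronger parameters and a crypto ACL scoped to the GRE packets between the two endpoints. It assumes an IOS image that supports `hash sha256`, `group 14` and `esp-sha256-hmac`, and that the far side is changed to match.

```cisco
! Added example (Near Router). Mirror it on the Far Router with the
! two 192.168.1.x addresses swapped.
! Assumption: the IOS image supports SHA-256 and DH group 14.
!
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
!
! SHA-256 HMAC in place of esp-md5-hmac.
! Both peers must configure an identical transform set.
crypto ipsec transform-set CRYPTO-Map-Sample esp-aes 256 esp-sha256-hmac
!
! Crypto ACL limited to GRE between the tunnel endpoints. This single
! entry takes the place of the four "permit ... any any" lines.
! Traffic routed into Tunnel10 (EIGRP included) is GRE-encapsulated
! before it reaches FastEthernet1/1, so it still matches and is encrypted.
! Caveat: traffic that leaves FastEthernet1/1 without going through
! Tunnel10 is no longer matched and is sent unencrypted.
ip access-list extended CRYPTO-Map-Sample
 permit gre host 192.168.1.1 host 192.168.1.2
!
! Once both routers are updated, confirm from exec mode that the
! negotiated parameters are the ones configured here:
!   show crypto isakmp sa
!   show crypto ipsec sa
!   show crypto map
```

The crypto ACL on the Far Router has to be the exact mirror image (`permit gre host 192.168.1.2 host 192.168.1.1`), otherwise the IPsec security associations will not be established.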