GRE over IPSec old
--R1-------Internet----R2--
| |
|_______________|
GRE tunnel 0
R1
hostname R1
interface loopback 0
ip address 1.1.1.1 255.255.255.0
interface fastethernet 0/0
ip address 202.100.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 202.100.1.10
interface tunnel 0
ip address 172.16.1.1 255.255.255.0
tunnel source 202.100.1.1
tunnel destination 61.128.1.1
router ospf 110
network 172.16.1.0 0.0.0.255 area 0
network 1.1.1.0 0.0.0.255 area 0
crypto isakmp policy 10
authentication pre-share
encr 3des
hash md5
group 2
lifetime 7200
crypto isakmp key 0 cisco address 61.128.1.1
ip access-list extended vpn
permit gre host 202.100.1.1 host 61.128.1.1
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode transport
crypto map cisco 10 ipsec-isakmp
match address vpn
set transform-set cisco
set peer 61.128.1.1
interface fastethernet 0/0
crypto map cisco
#show crypto engine connections active
#show crypto ipsec sa
===========================================================
GRE Over IPSec config new
site1
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 202.100.2.2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode transport
crypto ipsec profile ipsecprof
set transform-set cisco
interface tunnel 0
ip address 123.1.1.1 255.255.255.0
tunnel source 202.100.1.1
tunnel destination 202.100.2.2
tunnel protection ipsec profile ipsecprof
site2
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 202.100.1.1
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode transport
crypto ipsec profile ipsecprof
set transform-set cisco
interface tunnel 0
ip address 123.1.1.2 255.255.255.0
tunnel source 202.100.2.2
tunnel destination 202.100.1.1
tunnel protection ipsec profile ipsecprof