SOURCECODEBD.NET

HOW TO CONFIGURE GRE OVER IPSEC
 
Interface IP Address Configuration 
 
R1 
 
Interface   IP Address   Subnet Mask 
S 1/0       2.2.2.1      255.0.0.0 
E 0/0       10.1.1.1     255.0.0.0 
 
R3 
 
Interface   IP Address   Subnet Mask 
S 0         2.2.2.2      255.0.0.0 
S 1         3.3.3.1      255.0.0.0 
 
R2 
 
Interface   IP Address   Subnet Mask 
S 0/2       3.3.3.2      255.0.0.0 
Fa 0/0      20.1.1.1     255.0.0.0 
 
Task  
 
Create interface tunnel 0 on R1 and R2 
Verify connectivity 
Configure OSPF on R1 & R2 only. 
Verify if the routes are traveling via the tunnel. 
 
 
R1 
 
Ip route 3.0.0.0 255.0.0.0 2.2.2.2 
 
Int tunnel 0 
Ip address 30.1.1.1 255.0.0.0 
Tunnel source s1/0 
Tunnel destination 3.3.3.2 
Tunnel mode gre ip
 
Router ospf 1 
Network 10.0.0.0 0.255.255.255 area 0 
Network 30.0.0.0 0.255.255.255 area 0
 
R2 
 
Ip route 2.0.0.0 255.0.0.0 3.3.3.1 
 
Int tunnel 0 
Ip address 30.1.1.2 255.0.0.0 
Tunnel source s0/2 
Tunnel destination 2.2.2.1 
Tunnel mode gre ip 
 
Router ospf 1 
Network 20.0.0.0 0.255.255.255 area 0 
Network 30.0.0.0 0.255.255.255 area 0 
 
 
Task  
 
Configure IPSec from R1 to R2 on the GRE tunnel. 
 
R1 
 
Crypto isakmp enable 
 
Crypto isakmp policy 10 
Encryption 3des 
Hash md5 
Authentication pre-share 
Group 1 
 
Crypto isakmp key cisco123 address 3.3.3.2 
 
Crypto ipsec transform-set set1 esp-des 
 
Access-list 101 permit ip 10.0.0.0 0.255.255.255 20.0.0.0 0.255.255.255 
 
Crypto map map1 10 ipsec-isakmp 
Set peer 3.3.3.2 
Set transform-set set1 
Match address 101 
 
Int s1/0 
Crypto map map1 
 
Int tunnel 0 
Crypto map map1
 
 
R2 
 
Crypto isakmp enable 
 
Crypto isakmp policy 20 
Encryption 3des 
Hash md5 
Authentication pre-share 
Group 1 
 
Crypto isakmp key cisco123 address 2.2.2.1 
 
Crypto ipsec transform-set set1 esp-des 
 
Access-list 101 permit ip 20.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 
 
Crypto map map1 10 ipsec-isakmp 
Set peer 2.2.2.1 
Set transform-set set1 
Match address 101 
 
Int s0/2 
Crypto map map1 
 
Int tunnel 0 
Crypto map map1
 
Verification: 
 
R1#show crypto isakmp sa
 
The output displays the current IKE session; a state of QM_IDLE indicates that IKE is active. 
 
R1#show crypto ipsec sa 
 
The output displays the settings used by the current SAs. Non-zero encryption and decryption statistics can indicate a working set of IPsec SAs.
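
The IPsec task above uses legacy parameters: 3DES and MD5 with Diffie-Hellman group 1 for IKE, an ESP transform set with DES only and no integrity algorithm, and a short shared key. The following is an added example, not part of the original lab: the same R1 commands with stronger parameters, assuming an IOS release that supports AES-256, SHA-256 and group 14. <PRE-SHARED-KEY> is a placeholder, and the access list, crypto map and interface commands stay as shown in the lab.

```cisco
! Added example for R1. Mirror it on R2 under its own policy number (20)
! with the peer address 2.2.2.1. Both routers must agree on every value.
!
! IKE phase 1: AES-256 and SHA-256 in place of 3DES and MD5,
! DH group 14 (2048-bit) in place of group 1 (768-bit).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! <PRE-SHARED-KEY> is a placeholder: use a long random value that is
! unique to this peer pair instead of cisco123.
crypto isakmp key <PRE-SHARED-KEY> address 3.3.3.2
!
! IPsec phase 2: ESP with both encryption and integrity.
! The lab's set1 (esp-des alone) encrypts with DES and does not
! authenticate the packets.
crypto ipsec transform-set set1 esp-aes 256 esp-sha256-hmac
```

After changing both routers, the negotiated algorithms appear in the output of show crypto ipsec sa, where the transform line should list the AES and SHA-256 transforms instead of esp-des.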