How to configure a GRE/IPSec VPN – Part 1
Posted by Josh on Wed 5 Mar 2008Categories: Cisco , Cisco Routers , Dynamips , GNS3 - [25] Comments
I first discovered GRE with IPSec about 4 years ago when a customer needed to transmit IPX and multicast traffic over his VPN. Since then, I have primarly used GRE/IPSEC tunnels for transmitting internal routing protocols over the internet. RIP, EIGRP or OSPF can be used over a GRE tunnel just as though it were a point to point circuit. It is also very useful for multicast music on hold.
This tutorial is part one of a two part series. If you have not already been through the internat lab series, I recommend watching them before starting the GRE/IPSec tutorials – Internet Lab Part 1 and Internet Lab Part 2.
March 5th, 2008 at 10:40 pm
[...] How to configure a GRE/IPSec VPN – Part 1 unknown wrote an interesting post today onHere’s a quick excerptI first discovered GRE with IPSec about 4 years ago when a customer needed to transmit IPX and multicast traffic over his VPN. Since then, I have primarly used GRE/IPSEC tunnels for transmitting internal routing protocols over the … [...]
March 6th, 2008 at 7:44 am
Great tutotial again, voice capture in the presentation really help.
March 6th, 2008 at 2:16 pm
Great Tutorial once again, thanks alot
March 6th, 2008 at 8:19 pm
[...] Full article here [...]
March 7th, 2008 at 12:59 pm
Can you comment on encryption over GRE tunnels?
March 7th, 2008 at 2:23 pm
That is in Part 2 of this series. I already have it recorded, but I am still editing it.
March 8th, 2008 at 11:08 pm
[...] Part 2 of the GRE/IPSec tutorial series, you will learn how to encrypt the GRE tunnels you built in Part 1. Although I only show you how to create a hub and spoke topology, it is also possible to create a [...]
March 12th, 2008 at 5:57 am
[...] Part 2 of the GRE/IPSec tutorial series, you will learn how to encrypt the GRE tunnels you built in Part 1. Although I only show you how to create a hub and spoke topology, it is also possible to create a [...]
March 18th, 2008 at 9:38 am
[...] let my friend Josh from blindhog.net show you how to do it. He’s got a video on how to configure the tunnels, and another on how to set it up for [...]
April 5th, 2008 at 12:24 pm
I have seen the crypto map actually been applied to the tunnel interface. In your case, you have applied it to the serial interface. Can you explain when one applies the crypto map to a tunnel interface rather than a physical interface.
April 5th, 2008 at 5:26 pm
In older code, it was appropriate to apply the crypto map to both the serial and tunnel interfaces. I am not sure when they changed it, but I do remember having to apply the crypto map to both.
Josh
May 25th, 2008 at 4:47 pm
I couldn´t finish the lab 1 because but i don´t see the tunnels connections between the routers, i can only see the directly connected networks. Did I do something wrong?
It’s seems to me eigrp is not working.
Thanks
June 2nd, 2008 at 4:55 am
[...] labs were built based on BlindHogs’ How to configure a GRE/IPSec VPN – Part 1. Routers Used: [...]
June 2nd, 2008 at 5:06 am
[...] labs were built based on BlindHogs’ How to configure a GRE/IPSec VPN – Part 2 Routers Used: [...]
June 10th, 2008 at 3:22 am
@Gabriel – I had the same issue. I wondered how w/o an IGP of sorts Josh was able to send traffic between R1 & R2 when neither knew of each other because of the ISP router. I had to look closer at the output of ’sh ip route’ to see that John had set a default route (gateway of last resort). I don’t remember whether that was addressed or not in the ISP Setup Video.
This is where good trouble shooting comes in. Even if you follow someone else’s steps and maybe miss a part of it; that you can think through the layers to figure out what is missing or wrong.
June 17th, 2008 at 8:12 pm
[...] labs were built based on BlindHogs’ How to configure a GRE/IPSec VPN – Part 2 Routers Used: [...]
June 17th, 2008 at 8:13 pm
[...] These labs were built based on BlindHogs’ How to configure a GRE/IPSec VPN – Part 1 [...]
June 27th, 2008 at 6:56 am
[...] Some help I used: How to configure a GRE/IPSec VPN – Part 1 [...]
June 28th, 2008 at 5:49 pm
[...] Some help I used: BlindHog – How to configure a GRE/IPSec VPN – Part 1 [...]
June 28th, 2008 at 5:51 pm
[...] Some help I used: BlindHog – How to configure a GRE/IPSec VPN – Part 1 [...]
August 6th, 2008 at 6:05 pm
[...] How to configure a GRE/IPSec VPN – Part 1 [...]
April 30th, 2009 at 1:31 am
wonderful and marvelous…
its very interesting
September 7th, 2009 at 10:38 am
Hi
Need some help on this tutorial
R2> show ip route
gives a default route to 23.45.67.1 where is this interface connected to
i did not get it
thanks in advance
rbary
September 26th, 2009 at 3:21 am
@bdk @gabriel,
I had same problem, i can’t make telnet to 192.168.1.1 from R2. Even I can ping cross over ISP from R1 to R2 and other way around. But after make GREIP tunnel from R1 and R2 as for 192.168.200.0 the connection not created.
What I missed?
September 26th, 2009 at 3:43 am
hi i need help,
i already follow basic internet 1 & 2.
able to ping cross over routers through ISP.
but however when continue on this tutorial ‘how-to-configure-a-greipsec-vpn-part-1′ i stuck. on the tutorial on ‘Look at the routing’ at ‘D 192.168.1.0/24 [90/297246976] via 192.168.200.1, 00:00:27, Tunnel0′ I don’t have this line. I’m using ISO ‘c3640-jk9o3s-mz.124-16.extracted.bin’