your assumption is correct, however, that would encrypt all ip traffic when
i only want to encrypt the gre traffic. what's strange is that when i do a
general ACL for ip/icmp traffic it works, but when i do a ping ipx
<neighbor> it doesn't work. i have verified through debug that a crypto-map
free config allows the ipx ping using ip protocol 47, which i believe is
gre. the serial interface has no ipx configured, except for a frame map ipx
statement, which i probably don't need anyway. the tunnel interface has all
the ipx configs. got me stumped...
>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>Reply-To: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: gre/ipsec
>Date: Wed, 7 Jun 2000 15:05:19 -0700
>
>Why don't you do:
>
>acce 132 permit ip host 135.7.1.3 ho 135.7.1.5 log
>
>Assuming 135.7.1.3 and .5 are the tunnel source/destination? Or am I
>missing something?
>
>Kenny
>
>
>----- Original Message -----
>From: "vr4drvr ." <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Wednesday, June 07, 2000 2:11 PM
>Subject: Re: gre/ipsec
>
>
> > not easily.
> >
> > here's the deal...i can use an access list such as...
> >
> > acc 132 per icmp ho 135.7.1.3 ho 135.7.1.5 log
> >
> > on the host 135.7.1.3 pointing to 135.7.1.5, and of course the mirror
>image
> > on the other side. all works fine with the pings, in that the first 5
> > time-out while the SA is built. after that the pings are successful.
>but
> > when i use the following...
> >
> > acc 132 per gre ho 135.7.1.3 ho 135.7.1.5 log
> >
> > the ipx pings never bring up the line. shouldn't the above acl cover
>gre
> > encapsulated packets?
> >
> >
> > >From: "Kenny Sallee" <[EMAIL PROTECTED]>
> > >To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > >Subject: Re: gre/ipsec
> > >Date: Wed, 7 Jun 2000 13:59:57 -0700
> > >
> > >Can you post your configs?
> > >
> > >Kenny
> > >
> > >----- Original Message -----
> > >From: "vr4drvr ." <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Wednesday, June 07, 2000 11:32 AM
> > >Subject: gre/ipsec
> > >
> > >
> > > > i'm trying a simple GRE/IPSEC scenario that i can't seem to get to
>work.
> > > > i've built a tunnel between 2 router to pass ipx traffic, and for
> > >security
> > >i
> > > > would like to encrypt the tunnel traffic. my crypto map points to
>an
> > >access
> > > > list that allows gre traffic, but the crypto isakmp sa never builds.
> > >any
> > > > ideas?
> > > >
>________________________________________________________________________
> > > > Get Your Private, Free E-mail from MSN Hotmail at
>http://www.hotmail.com
> > > >
> > > > ___________________________________
> > > > UPDATED Posting Guidelines:
>http://www.groupstudy.com/list/guide.html
> > > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > > Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
> > > >
> > >
> >
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
