Hmm, not sure what you mean.... but. Really all you do is create your regular VPN.
Then you create your GRE tunnel. then the ACL here is an abbreviated example. R1# Int Lo0 ip address 1.1.1.1 255.255.255.0 Int Tu0 ip address 10.1.1.1 255.255.255.0 tun source loop0 tun dest 2.2.2.2 crypto map VPN Int s0 ip address 101.101.101.101 255.255.255.0 crypto map VPN access-l 100 permit gre host 1.1.1.1 host 2.2.2.2 That's it, then just take the same actions the other side. It really is just the regular VPN, then extra crypto map on the GRE tunnel and acl. Better? ----- Original Message ----- From: "Michael Jia" To: "'Joe Deleonardo'" ; ; Sent: Sunday, July 06, 2003 5:23 PM Subject: RE: GRE with IPsec > Hi, Joe > > There is a sligt difference between A and B. > Could you share some insights as well? > > Thanks > Michael > > -----Original Message----- > From: Joe Deleonardo [mailto:[EMAIL PROTECTED] > Sent: Sunday, July 06, 2003 5:17 PM > To: Michael Jia; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: GRE with IPsec > > > I don't have a source. But, it's really very simple all you do is apply > the crypto map to the tunnel interface AND the physical interface > between the two devices. > > Then add an ACL: > > access-l 100 permit gre host host destination> > > You do that on each device of course. > > And then the rest of it is just a standard VPN config. > > Cheers, > > Joseph > > > ----- Original Message ----- > From: "Michael Jia" > To: ; > Sent: Sunday, July 06, 2003 2:56 PM > Subject: GRE with IPsec > > > > Hi, > > > > Anyone has good reference doc about GRE with Ipsec . > > > > I am a little confused about 2 flavors of crypto ACL used: > > A) permit ip > > B) permit gre any any > > > > It seems option A is encry first then GRE encap, while option B is > > encap first then encrypt. > > > > Is there a good ref about these setups? > > > > > > Thanks > > Michael Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71966&t=71966 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]