subject:"gre\/ipsec"

Re: running GRE/IPSEC between PE routers [7:72764]

2003-07-24 Thread

tunnel? what tunnel? your "show ip int brief" does not reveal a tunnel. your
provider is where the tunnel is? So PE1 and PE2 are your CE peers?

I've done GRE tunnels across the internet with study partners, and it works
just fine.

can your CE routers ping eachother? If not, where does the routing break
down. traceroute is useful here.

What are the default routes that your Sun machines are using?

troubleshooting 101.


""Luan Nguyen""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
> Anyone knows if you need to do anything special on the tunnel link for
> this to work? Like run tag-switching there for example?
> I have 2 cisco 2651xm acting as PE and have a GRE with IPSEC transport
> mode between them.  The CE has all the routes to the other CE, mBGP look
> good, everything look good from the show perspective, but I just can't
> source ping or ping from one sun box behind one CE to the other one.
> Any help would be greatly appreciated.
>
> -luan
>
> I have a set up like this:
> cisco2621Aethernet/BGPPE1GRE/IPSEC---PE2Ethernet
> /BGP---cisco2621C
> running eigrp inside the tunnel to advertise the loopback.
> PEs = 2651xm running 12.3.1a enterprise 3DES.
> Traceroute die at the PE.
>
> Here are some show routes
>
> 2621A#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> C   10.242.1.0 is directly connected, FastEthernet0/1
> B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.1.1
> 2621A#show ip int brief
> Interface  IP-Address  OK? Method Status
>
>  Protocol
> FastEthernet0/0192.168.1.2 YES manual up
>
>  up
> FastEthernet0/110.242.1.1  YES manual up
>
>  up
> 2621C#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> C   10.242.2.0 is directly connected, Ethernet0/1
>  192.168.2.0/30 is subnetted, 1 subnets
> C   192.168.2.0 is directly connected, Ethernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.2.1
>
> 2651XM1#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
>
> 2651XM2#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic download

Re: running GRE/IPSEC between PE routers [7:72764]

2003-07-23 Thread

tunnel? what tunnel? your "show ip int brief" does not reveal a tunnel. your
provider is where the tunnel is? So PE1 and PE2 are your CE peers?

I've done GRE tunnels across the internet with study partners, and it works
just fine.

can your CE routers ping eachother? If not, where does the routing break
down. traceroute is useful here.

What are the default routes that your Sun machines are using?

troubleshooting 101.


""Luan Nguyen""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
> Anyone knows if you need to do anything special on the tunnel link for
> this to work? Like run tag-switching there for example?
> I have 2 cisco 2651xm acting as PE and have a GRE with IPSEC transport
> mode between them.  The CE has all the routes to the other CE, mBGP look
> good, everything look good from the show perspective, but I just can't
> source ping or ping from one sun box behind one CE to the other one.
> Any help would be greatly appreciated.
>
> -luan
>
> I have a set up like this:
> cisco2621Aethernet/BGPPE1GRE/IPSEC---PE2Ethernet
> /BGP---cisco2621C
> running eigrp inside the tunnel to advertise the loopback.
> PEs = 2651xm running 12.3.1a enterprise 3DES.
> Traceroute die at the PE.
>
> Here are some show routes
>
> 2621A#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> C   10.242.1.0 is directly connected, FastEthernet0/1
> B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.1.1
> 2621A#show ip int brief
> Interface  IP-Address  OK? Method Status
>
>  Protocol
> FastEthernet0/0192.168.1.2 YES manual up
>
>  up
> FastEthernet0/110.242.1.1  YES manual up
>
>  up
> 2621C#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> C   10.242.2.0 is directly connected, Ethernet0/1
>  192.168.2.0/30 is subnetted, 1 subnets
> C   192.168.2.0 is directly connected, Ethernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.2.1
>
> 2651XM1#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
>
> 2651XM2#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic download

running GRE/IPSEC between PE routers [7:72764]

2003-07-23 Thread Luan Nguyen

Hello,
Anyone knows if you need to do anything special on the tunnel link for
this to work? Like run tag-switching there for example?  
I have 2 cisco 2651xm acting as PE and have a GRE with IPSEC transport
mode between them.  The CE has all the routes to the other CE, mBGP look
good, everything look good from the show perspective, but I just can't
source ping or ping from one sun box behind one CE to the other one.
Any help would be greatly appreciated.

-luan

I have a set up like this:
cisco2621Aethernet/BGPPE1--------GRE/IPSEC---PE2Ethernet
/BGP---cisco2621C
running eigrp inside the tunnel to advertise the loopback.
PEs = 2651xm running 12.3.1a enterprise 3DES.
Traceroute die at the PE.

Here are some show routes

2621A#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

 10.0.0.0/24 is subnetted, 2 subnets
C   10.242.1.0 is directly connected, FastEthernet0/1
B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
 192.168.1.0/30 is subnetted, 1 subnets
C   192.168.1.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.1
2621A#show ip int brief
Interface  IP-Address  OK? Method Status

 Protocol
FastEthernet0/0192.168.1.2 YES manual up

 up
FastEthernet0/110.242.1.1  YES manual up

 up
2621C#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
C   10.242.2.0 is directly connected, Ethernet0/1
 192.168.2.0/30 is subnetted, 1 subnets
C   192.168.2.0 is directly connected, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.2.1

2651XM1#show ip route vrf customer1

Routing Table: customer1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static
route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
 192.168.1.0/30 is subnetted, 1 subnets
C   192.168.1.0 is directly connected, FastEthernet0/0

2651XM2#show ip route vrf customer1

Routing Table: customer1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static
route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
B   10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
 192.168.2.0/30 is subnetted, 1 subnets
C   192.168.2.0 is directly connected, FastEthernet0/0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72807&t=72764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: running GRE/IPSEC between PE routers [7:72764]

2003-07-23 Thread Luan Nguyen

Hello,
Yeah. The GRE thing is fine.  I am doing mpls.  Instead of mpls in the
core - I try to use GRE tunnel between the Provider Edge.
>From the Customer Edge to the Provider Edge I am not doing tunnel so you
won't see tunnel there - it just doing BGP.
CE can't ping each other even though they have the route in the routing
tables
Traceroute dies at the PE
Default routes for the suns are just the CE LAN ip address.

-luan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 23, 2003 12:35 AM
To: [EMAIL PROTECTED]
Subject: Re: running GRE/IPSEC between PE routers [7:72764]


tunnel? what tunnel? your "show ip int brief" does not reveal a tunnel.
your provider is where the tunnel is? So PE1 and PE2 are your CE peers?

I've done GRE tunnels across the internet with study partners, and it
works just fine.

can your CE routers ping eachother? If not, where does the routing break
down. traceroute is useful here.

What are the default routes that your Sun machines are using?

troubleshooting 101.


""Luan Nguyen""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
> Anyone knows if you need to do anything special on the tunnel link for

> this to work? Like run tag-switching there for example? I have 2 cisco

> 2651xm acting as PE and have a GRE with IPSEC transport mode between 
> them.  The CE has all the routes to the other CE, mBGP look good, 
> everything look good from the show perspective, but I just can't 
> source ping or ping from one sun box behind one CE to the other one. 
> Any help would be greatly appreciated.
>
> -luan
>
> I have a set up like this: 
> cisco2621Aethernet/BGPPE1GRE/IPSEC---PE2Ethern
> et
> /BGP---cisco2621C
> running eigrp inside the tunnel to advertise the loopback.
> PEs = 2651xm running 12.3.1a enterprise 3DES.
> Traceroute die at the PE.
>
> Here are some show routes
>
> 2621A#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS 
> inter area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> C   10.242.1.0 is directly connected, FastEthernet0/1
> B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.1.1
> 2621A#show ip int brief
> Interface  IP-Address  OK? Method Status
>
>  Protocol
> FastEthernet0/0192.168.1.2 YES manual up
>
>  up
> FastEthernet0/110.242.1.1  YES manual up
>
>  up
> 2621C#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS 
> inter area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> C   10.242.2.0 is directly connected, Ethernet0/1
>  192.168.2.0/30 is subnetted, 1 subnets
> C   192.168.2.0 is directly connected, Ethernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.2.1
>
> 2651XM1#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS 
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user 
> static route
>o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
>  192.168.1.0/30 is subnetted, 1 subn

Re: running GRE/IPSEC between PE routers [7:72764]

2003-07-22 Thread

tunnel? what tunnel? your "show ip int brief" does not reveal a tunnel. your
provider is where the tunnel is? So PE1 and PE2 are your CE peers?

I've done GRE tunnels across the internet with study partners, and it works
just fine.

can your CE routers ping eachother? If not, where does the routing break
down. traceroute is useful here.

What are the default routes that your Sun machines are using?

troubleshooting 101.


""Luan Nguyen""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
> Anyone knows if you need to do anything special on the tunnel link for
> this to work? Like run tag-switching there for example?
> I have 2 cisco 2651xm acting as PE and have a GRE with IPSEC transport
> mode between them.  The CE has all the routes to the other CE, mBGP look
> good, everything look good from the show perspective, but I just can't
> source ping or ping from one sun box behind one CE to the other one.
> Any help would be greatly appreciated.
>
> -luan
>
> I have a set up like this:
> cisco2621Aethernet/BGPPE1GRE/IPSEC---PE2Ethernet
> /BGP---cisco2621C
> running eigrp inside the tunnel to advertise the loopback.
> PEs = 2651xm running 12.3.1a enterprise 3DES.
> Traceroute die at the PE.
>
> Here are some show routes
>
> 2621A#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> C   10.242.1.0 is directly connected, FastEthernet0/1
> B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.1.1
> 2621A#show ip int brief
> Interface  IP-Address  OK? Method Status
>
>  Protocol
> FastEthernet0/0192.168.1.2 YES manual up
>
>  up
> FastEthernet0/110.242.1.1  YES manual up
>
>  up
> 2621C#show ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> inter
> area
>* - candidate default, U - per-user static route, o - ODR
>P - periodic downloaded static route
>
> Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> C   10.242.2.0 is directly connected, Ethernet0/1
>  192.168.2.0/30 is subnetted, 1 subnets
> C   192.168.2.0 is directly connected, Ethernet0/0
> S*   0.0.0.0/0 [1/0] via 192.168.2.1
>
> 2651XM1#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>  10.0.0.0/24 is subnetted, 2 subnets
> B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
>  192.168.1.0/30 is subnetted, 1 subnets
> C   192.168.1.0 is directly connected, FastEthernet0/0
>
> 2651XM2#show ip route vrf customer1
>
> Routing Table: customer1
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>E1 - OSPF external type 1, E2 - OSPF external type 2
>i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>o - ODR, P - periodic download

running GRE/IPSEC between PE routers [7:72764]

2003-07-22 Thread Luan Nguyen

Hello,
Anyone knows if you need to do anything special on the tunnel link for
this to work? Like run tag-switching there for example?  
I have 2 cisco 2651xm acting as PE and have a GRE with IPSEC transport
mode between them.  The CE has all the routes to the other CE, mBGP look
good, everything look good from the show perspective, but I just can't
source ping or ping from one sun box behind one CE to the other one.
Any help would be greatly appreciated.

-luan

I have a set up like this:
cisco2621Aethernet/BGPPE1--------GRE/IPSEC---PE2Ethernet
/BGP---cisco2621C
running eigrp inside the tunnel to advertise the loopback.
PEs = 2651xm running 12.3.1a enterprise 3DES.
Traceroute die at the PE.

Here are some show routes

2621A#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

 10.0.0.0/24 is subnetted, 2 subnets
C   10.242.1.0 is directly connected, FastEthernet0/1
B   10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
 192.168.1.0/30 is subnetted, 1 subnets
C   192.168.1.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.1
2621A#show ip int brief
Interface  IP-Address  OK? Method Status

 Protocol
FastEthernet0/0192.168.1.2 YES manual up

 up
FastEthernet0/110.242.1.1  YES manual up

 up
2621C#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
C   10.242.2.0 is directly connected, Ethernet0/1
 192.168.2.0/30 is subnetted, 1 subnets
C   192.168.2.0 is directly connected, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.2.1

2651XM1#show ip route vrf customer1

Routing Table: customer1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static
route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
B   10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
 192.168.1.0/30 is subnetted, 1 subnets
C   192.168.1.0 is directly connected, FastEthernet0/0

2651XM2#show ip route vrf customer1

Routing Table: customer1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static
route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 10.0.0.0/24 is subnetted, 2 subnets
B   10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
B   10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
 192.168.2.0/30 is subnetted, 1 subnets
C   192.168.2.0 is directly connected, FastEthernet0/0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72764&t=72764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: gre/ipsec

2000-06-07 Thread Ryan Moffett


It should work with the following access list for your crypto-map:
access-list 101 permit gre host 135.7.1.3 host 135.7.1.5and vise versa
for the other router, just as you had it.

This will apply the crypto-map to traffic traversing the GRE tunnel.

Take a look at the following CCO documentation on IPX over IPSec/GRE
Tunnels:
http://www.cisco.com/warp/public/707/33.shtml

I don't have access to the working configurations, but this is what I have
used for the same situation, including Appletalk and IP instead of IPX.

Can you verify that it works with IP and not IPX traffic?   If the IPX
traffic works without the crypto-map statements applied, then the GRE tunnel
is working.   When you apply the crypto-map, if the IPX communication does
not work properly, then I would imagine IP traffic would not work properly
either.  At this point, there is a problem with SA negotiation, and there is
most likely one of the following occuring:

1.  Crypto-map not applied to both the physical and tunnel interface
2.  Conflicting information in the transform-sets on each router

Can you provide us with the output of:
show crypto engine connections active
show crypto ipsec sa detail
show crypto isakmp policy


Ryan Moffett


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
vr4drvr .
Sent: Wednesday, June 07, 2000 5:12 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: gre/ipsec


not easily.

here's the deal...i can use an access list such as...

acc 132 per icmp ho 135.7.1.3 ho 135.7.1.5 log

on the host 135.7.1.3 pointing to 135.7.1.5, and of course the mirror image
on the other side.  all works fine with the pings, in that the first 5
time-out while the SA is built.  after that the pings are successful.  but
when i use the following...

acc 132 per gre ho 135.7.1.3 ho 135.7.1.5 log

the ipx pings never bring up the line.  shouldn't the above acl cover gre
encapsulated packets?


>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: gre/ipsec
>Date: Wed, 7 Jun 2000 13:59:57 -0700
>
>Can you post your configs?
>
>Kenny
>
>- Original Message -
>From: "vr4drvr ." <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, June 07, 2000 11:32 AM
>Subject: gre/ipsec
>
>
> > i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
> > i've built a tunnel between 2 router to pass ipx traffic, and for
>security
>i
> > would like to encrypt the tunnel traffic.  my crypto map points to an
>access
> > list that allows gre traffic, but the crypto isakmp sa never builds.
>any
> > ideas?
> > 
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> > ___
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: gre/ipsec

2000-06-07 Thread vr4drvr .


not easily.

here's the deal...i can use an access list such as...

acc 132 per icmp ho 135.7.1.3 ho 135.7.1.5 log

on the host 135.7.1.3 pointing to 135.7.1.5, and of course the mirror image 
on the other side.  all works fine with the pings, in that the first 5 
time-out while the SA is built.  after that the pings are successful.  but 
when i use the following...

acc 132 per gre ho 135.7.1.3 ho 135.7.1.5 log

the ipx pings never bring up the line.  shouldn't the above acl cover gre 
encapsulated packets?


>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: gre/ipsec
>Date: Wed, 7 Jun 2000 13:59:57 -0700
>
>Can you post your configs?
>
>Kenny
>
>- Original Message -
>From: "vr4drvr ." <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, June 07, 2000 11:32 AM
>Subject: gre/ipsec
>
>
> > i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
> > i've built a tunnel between 2 router to pass ipx traffic, and for 
>security
>i
> > would like to encrypt the tunnel traffic.  my crypto map points to an
>access
> > list that allows gre traffic, but the crypto isakmp sa never builds.  
>any
> > ideas?
> > 
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> > ___
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: gre/ipsec

2000-06-07 Thread Kenny Sallee


Maybe it would help if you ( Ryan ) sent the configs you know work.  I would
also like to take a look.  vr4drvr, we can't help you if you don't post the
configs.  I always rule out config error before I move on.

Kenny


- Original Message -
From: "Ryan Moffett" <[EMAIL PROTECTED]>
To: "vr4drvr ." <[EMAIL PROTECTED]>; "Cisco Groupstudy List"
<[EMAIL PROTECTED]>
Sent: Wednesday, June 07, 2000 2:50 PM
Subject: RE: gre/ipsec


> I have done this a number of times, can you post "sanitized" versions of
> your configs?
>
> Ryan
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> vr4drvr .
> Sent: Wednesday, June 07, 2000 2:33 PM
> To: [EMAIL PROTECTED]
> Subject: gre/ipsec
>
>
> i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
> i've built a tunnel between 2 router to pass ipx traffic, and for security
i
> would like to encrypt the tunnel traffic.  my crypto map points to an
access
> list that allows gre traffic, but the crypto isakmp sa never builds.  any
> ideas?
> 
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: gre/ipsec

2000-06-07 Thread Ryan Moffett


I have done this a number of times, can you post "sanitized" versions of
your configs?

Ryan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
vr4drvr .
Sent: Wednesday, June 07, 2000 2:33 PM
To: [EMAIL PROTECTED]
Subject: gre/ipsec


i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
i've built a tunnel between 2 router to pass ipx traffic, and for security i
would like to encrypt the tunnel traffic.  my crypto map points to an access
list that allows gre traffic, but the crypto isakmp sa never builds.  any
ideas?

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: gre/ipsec

2000-06-07 Thread vr4drvr .


i can't physically copy them at the moment, not a security issue more of a 
hardware issue.  essentially i have...

r5-s0.1frames0-r3 (ip)

as well,

r5-tu100--tu100-r3 (ipx)

- i have the ipx configs on the tunnel interface, running eigrp between 
them, and the nodes see one another.  when i ping ipx without crypto it 
works, but when i apply crypto it doesn't-recall that when i use crypto with 
access-l 132 per icmp any any it encrypts pings.

the crypto ACL is  access-l 132 per gre any any

- crypto map statements are on the serial int's

this is killing me




>From: "Ryan Moffett" <[EMAIL PROTECTED]>
>To: "vr4drvr ." <[EMAIL PROTECTED]>,"Cisco Groupstudy List" 
><[EMAIL PROTECTED]>
>Subject: RE: gre/ipsec
>Date: Wed, 7 Jun 2000 17:50:32 -0400
>
>I have done this a number of times, can you post "sanitized" versions of
>your configs?
>
>Ryan
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>vr4drvr .
>Sent: Wednesday, June 07, 2000 2:33 PM
>To: [EMAIL PROTECTED]
>Subject: gre/ipsec
>
>
>i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
>i've built a tunnel between 2 router to pass ipx traffic, and for security 
>i
>would like to encrypt the tunnel traffic.  my crypto map points to an 
>access
>list that allows gre traffic, but the crypto isakmp sa never builds.  any
>ideas?
>
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: gre/ipsec

2000-06-07 Thread vr4drvr .


your assumption is correct, however, that would encrypt all ip traffic when 
i only want to encrypt the gre traffic.  what's strange is that when i do a 
general ACL for ip/icmp traffic it works, but when i do a ping ipx 
 it doesn't work.  i have verified through debug that a crypto-map 
free config allows the ipx ping using ip protocol 47, which i believe is 
gre.  the serial interface has no ipx configured, except for a frame map ipx 
statement, which i probably don't need anyway.  the tunnel interface has all 
the ipx configs.  got me stumped...


>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>Reply-To: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: gre/ipsec
>Date: Wed, 7 Jun 2000 15:05:19 -0700
>
>Why don't you do:
>
>acce 132 permit ip host 135.7.1.3 ho 135.7.1.5 log
>
>Assuming 135.7.1.3 and .5 are the tunnel source/destination?  Or am I
>missing something?
>
>Kenny
>
>
>- Original Message -
>From: "vr4drvr ." <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Wednesday, June 07, 2000 2:11 PM
>Subject: Re: gre/ipsec
>
>
> > not easily.
> >
> > here's the deal...i can use an access list such as...
> >
> > acc 132 per icmp ho 135.7.1.3 ho 135.7.1.5 log
> >
> > on the host 135.7.1.3 pointing to 135.7.1.5, and of course the mirror
>image
> > on the other side.  all works fine with the pings, in that the first 5
> > time-out while the SA is built.  after that the pings are successful.  
>but
> > when i use the following...
> >
> > acc 132 per gre ho 135.7.1.3 ho 135.7.1.5 log
> >
> > the ipx pings never bring up the line.  shouldn't the above acl cover 
>gre
> > encapsulated packets?
> >
> >
> > >From: "Kenny Sallee" <[EMAIL PROTECTED]>
> > >To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > >Subject: Re: gre/ipsec
> > >Date: Wed, 7 Jun 2000 13:59:57 -0700
> > >
> > >Can you post your configs?
> > >
> > >Kenny
> > >
> > >- Original Message -
> > >From: "vr4drvr ." <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Wednesday, June 07, 2000 11:32 AM
> > >Subject: gre/ipsec
> > >
> > >
> > > > i'm trying a simple GRE/IPSEC scenario that i can't seem to get to
>work.
> > > > i've built a tunnel between 2 router to pass ipx traffic, and for
> > >security
> > >i
> > > > would like to encrypt the tunnel traffic.  my crypto map points to 
>an
> > >access
> > > > list that allows gre traffic, but the crypto isakmp sa never builds.
> > >any
> > > > ideas?
> > > >
>
> > > > Get Your Private, Free E-mail from MSN Hotmail at
>http://www.hotmail.com
> > > >
> > > > ___
> > > > UPDATED Posting Guidelines: 
>http://www.groupstudy.com/list/guide.html
> > > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > > Report misconduct and Nondisclosure violations to 
>[EMAIL PROTECTED]
> > > >
> > >
> >
> > 
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: gre/ipsec

2000-06-07 Thread Kenny Sallee


Why don't you do:

acce 132 permit ip host 135.7.1.3 ho 135.7.1.5 log

Assuming 135.7.1.3 and .5 are the tunnel source/destination?  Or am I
missing something?

Kenny


- Original Message -
From: "vr4drvr ." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, June 07, 2000 2:11 PM
Subject: Re: gre/ipsec


> not easily.
>
> here's the deal...i can use an access list such as...
>
> acc 132 per icmp ho 135.7.1.3 ho 135.7.1.5 log
>
> on the host 135.7.1.3 pointing to 135.7.1.5, and of course the mirror
image
> on the other side.  all works fine with the pings, in that the first 5
> time-out while the SA is built.  after that the pings are successful.  but
> when i use the following...
>
> acc 132 per gre ho 135.7.1.3 ho 135.7.1.5 log
>
> the ipx pings never bring up the line.  shouldn't the above acl cover gre
> encapsulated packets?
>
>
> >From: "Kenny Sallee" <[EMAIL PROTECTED]>
> >To: "vr4drvr ." <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> >Subject: Re: gre/ipsec
> >Date: Wed, 7 Jun 2000 13:59:57 -0700
> >
> >Can you post your configs?
> >
> >Kenny
> >
> >- Original Message -
> >From: "vr4drvr ." <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Wednesday, June 07, 2000 11:32 AM
> >Subject: gre/ipsec
> >
> >
> > > i'm trying a simple GRE/IPSEC scenario that i can't seem to get to
work.
> > > i've built a tunnel between 2 router to pass ipx traffic, and for
> >security
> >i
> > > would like to encrypt the tunnel traffic.  my crypto map points to an
> >access
> > > list that allows gre traffic, but the crypto isakmp sa never builds.
> >any
> > > ideas?
> > >

> > > Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com
> > >
> > > ___
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
>
> 
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: gre/ipsec

2000-06-07 Thread Kenny Sallee


Can you post your configs?

Kenny

- Original Message -
From: "vr4drvr ." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 07, 2000 11:32 AM
Subject: gre/ipsec


> i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.
> i've built a tunnel between 2 router to pass ipx traffic, and for security
i
> would like to encrypt the tunnel traffic.  my crypto map points to an
access
> list that allows gre traffic, but the crypto isakmp sa never builds.  any
> ideas?
> 
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

gre/ipsec

2000-06-07 Thread vr4drvr .


i'm trying a simple GRE/IPSEC scenario that i can't seem to get to work.  
i've built a tunnel between 2 router to pass ipx traffic, and for security i 
would like to encrypt the tunnel traffic.  my crypto map points to an access 
list that allows gre traffic, but the crypto isakmp sa never builds.  any  
ideas?

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: running GRE/IPSEC between PE routers [7:72764]

Re: running GRE/IPSEC between PE routers [7:72764]

running GRE/IPSEC between PE routers [7:72764]

RE: running GRE/IPSEC between PE routers [7:72764]

Re: running GRE/IPSEC between PE routers [7:72764]

running GRE/IPSEC between PE routers [7:72764]

RE: gre/ipsec

Re: gre/ipsec

Re: gre/ipsec

RE: gre/ipsec

RE: gre/ipsec

Re: gre/ipsec

Re: gre/ipsec

Re: gre/ipsec

gre/ipsec

15 matches

Site Navigation

Mail list logo

Footer information