[GRLUG] IPSec protected GRE tunnels on Cisco IOS [Was: VPN Help]
Adam Tauno Williams
awilliam at whitemice.org
Sun Aug 4 19:57:43 EDT 2013
On Sun, 2013-08-04 at 17:03 -0500, L. V. Lammert wrote:
> At 04:44 PM 8/4/2013, Adam Tauno Williams wrote:
> >A piece of crap from a vendor being dumped by its parent and with a
> >support life-cycle roughly equivalent to how long it took you to walk
> >out the door. Put the manual on a thumbdrive and duct-tape it to the
> >device [seriously!] - because six months from now you [or the poor sod
> >who inherits this thing] will not be able to find anything at all about
> >this unit.
> OK, .. we ALL know by now how much you hate Linksys and LOVE putting
> together a POJ that you have to support, .. how about something maybe
> OT and *constructive* like hints on how to configure a
> remote-site-to-server VPN?
<http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/868-cisco-router-gre-ipsec.html>
There are lots of good articles and examples; basically you want an
IPSec protected tunnel. It is even better if your router platform
supports VRF [Virtual Router Framework]; that is basically virtualization
for the router, so the router can be divided - the outside router cannot
communicate with the inside router.
With VRF you can do -
interface Tunnel3601
 ip vrf forwarding AAA
 ip address 192.168.3.5 255.255.255.252
 tunnel source Loopback3601
 tunnel destination 192.168.2.6
 tunnel vrf AAA-WAN
 tunnel protection ipsec profile AAA-P
- where AAA is your internal VRF and AAA-WAN is your external VRF, so
the tunnel end-point is internal, but the tunnel traffic itself is
explicitly external.
<https://supportforums.cisco.com/thread/2027921>
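A check for the design described in the message above, as an added example that is not part of the original post: it reads IOS configuration text and reports every Tunnel interface that lacks `tunnel protection ipsec profile` or does not keep its inner VRF (`ip vrf forwarding`) separate from its outer VRF (`tunnel vrf`). The function names and the Tunnel3602/Tunnel3603 stanzas are constructed for illustration; a tunnel without VRFs is valid IOS and is flagged only because it departs from the layout the post recommends.

```python
import re

# Constructed sample: Tunnel3601 mirrors the post; 3602 and 3603 are made-up counter-examples.
SAMPLE_CONFIG = """\
interface Tunnel3601
 ip vrf forwarding AAA
 ip address 192.168.3.5 255.255.255.252
 tunnel source Loopback3601
 tunnel destination 192.168.2.6
 tunnel vrf AAA-WAN
 tunnel protection ipsec profile AAA-P
!
interface Tunnel3602
 ip vrf forwarding AAA
 tunnel vrf AAA
!
interface Tunnel3603
 tunnel protection ipsec profile AAA-P
"""

def tunnel_stanzas(config):
    """Return {interface name: [sub-commands]} for every Tunnel interface."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Tunnel\S+)\s*$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # any unindented line ("!", another interface) ends the stanza
    return stanzas

def audit_tunnels(config):
    """Return {tunnel: [findings]}; an empty list means the tunnel matches the design."""
    report = {}
    for name, cmds in tunnel_stanzas(config).items():
        def arg(prefix):
            return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)
        inner, outer = arg("ip vrf forwarding "), arg("tunnel vrf ")
        findings = []
        if arg("tunnel protection ipsec profile ") is None:
            findings.append("no IPSec protection")  # GRE payload would cross the WAN in clear
        if inner is None or outer is None:
            findings.append("inner or outer VRF not set")
        elif inner == outer:
            findings.append("inner and outer VRF are the same")
        report[name] = findings
    return report
```

The parser matches only the `ip vrf forwarding` form used in the post; IOS releases that use `vrf forwarding` under `vrf definition` would need that prefix added.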