GRE traffic via IPSEC SA (Cisco still hasn't fixed this?)

From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Sat Feb 28 2004 - 23:47:45 GMT-3


I remember doing this on IOS 12.0

They still haven't fixed it?

R1
Crypto Map "bb3" 10 ipsec-isakmp
        Peer = 136.10.9.9
        Extended IP access list 101
            access-list 101 permit gre any any
        Current peer: 136.10.9.9
        Security association lifetime: 4608000 kilobytes/1000 seconds
        PFS (Y/N): Y
        DH group: group2
        Transform sets={ michael, }
        Interfaces using crypto map bb3:
                Serial0
                Tunnel0

R9
Crypto Map "bb1" 10 ipsec-isakmp
        Peer = 136.10.1.1
        Extended IP access list 101
            access-list 101 permit gre any any
        Current peer: 136.10.1.1
        Security association lifetime: 4608000 kilobytes/1000 seconds
        PFS (Y/N): Y
        DH group: group2
        Transform sets={ michael, }
        Interfaces using crypto map bb1:
                Serial0
                Tunnel0

R1#st s0
Building configuration...

Current configuration : 199 bytes
!
interface Serial0
 ip address 136.10.12.1 255.255.255.0
 ip pim sparse-dense-mode
 no fair-queue
 service-module 56k clock source internal
 service-module 56k network-type dds
 crypto map bb3
end

R1#st tu0
Building configuration...

Current configuration : 139 bytes
!
interface Tunnel0
 ip address 192.168.100.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 136.10.9.9
 crypto map bb3
end

R1#
 

I had to apply a crypto map that only encrypts GRE traffic inside my
tunnel interface, to get my GRE tunnel working!

Come on, if that's not circular logic, I don't know what would be.
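
The following is an added example, not part of the original post: a small Python parser for `show crypto map` text in the layout quoted above, which lists GRE-only crypto maps bound to both a Tunnel interface and another interface, as in the poster's setup. The function names, the second map "bb9" and access list 102 are constructed for illustration, and the parser assumes numbered access-list lines and unindented `Crypto Map` headers as shown in the post.

```python
import re

# Constructed sample in the `show crypto map` layout quoted in the post.
# Map "bb9" and access list 102 are invented here for contrast.
SAMPLE = '''\
Crypto Map "bb3" 10 ipsec-isakmp
        Peer = 136.10.9.9
        Extended IP access list 101
            access-list 101 permit gre any any
        Interfaces using crypto map bb3:
                Serial0
                Tunnel0

Crypto Map "bb9" 10 ipsec-isakmp
        Peer = 136.10.1.1
        Extended IP access list 102
            access-list 102 permit ip any any
        Interfaces using crypto map bb9:
                Serial0
'''

HEADER = re.compile(r'Crypto Map "([^"]+)" \d+ ')
ACE = re.compile(r'(?m)^\s*access-list \S+ (?:permit|deny) (\S+) ')

def parse_crypto_maps(text):
    """Return one dict per crypto map entry: name, peer, ACL protocols, interfaces."""
    entries = []
    for block in re.split(r'(?m)^(?=Crypto Map ")', text):
        head = HEADER.match(block)
        if not head:
            continue  # prompt lines or other text before the first map
        body, _, tail = block.partition("Interfaces using crypto map")
        listed = re.split(r"\n\s*\n", tail)[0].splitlines()[1:]  # stop at first blank line
        peer = re.search(r"Peer = (\S+)", body)
        entries.append({"name": head.group(1),
                        "peer": peer.group(1) if peer else None,
                        "protocols": set(ACE.findall(body)),
                        "interfaces": [l.strip() for l in listed if l.strip()]})
    return entries

def gre_maps_on_tunnel_and_physical(entries):
    """Maps that select only GRE and are bound to a Tunnel interface plus another one."""
    hits = []
    for e in entries:
        tunnels = [i for i in e["interfaces"] if i.lower().startswith("tunnel")]
        if e["protocols"] == {"gre"} and 0 < len(tunnels) < len(e["interfaces"]):
            hits.append((e["name"], e["peer"], e["interfaces"]))
    return hits
```
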


