Hi,<br><br>I'm trying to run ipsec over GRE tunnels. I created 2 gre tunnels (<a href="http://1.1.1.1">1.1.1.1</a> on linux) and (<a href="http://1.1.1.2">1.1.1.2</a> on cisco).<br>They are able to ping each other well.
<br>Then I set up ipsec between <a href="http://1.1.1.1">1.1.1.1</a> and <a href="http://1.1.1.2">1.1.1.2</a>. This is where the problem arises. <br>Openswan says the Phase I (ISAKMP SA established) but fails on Phase II.
<br><br>Please find attached contents of ipsec barf and cisco config.<br>Point out if i'm messing something.<br><br>Bholi.<br><br><div><span class="gmail_quote">On 9/6/07, <b class="gmail_sendername">Leonardo Rodrigues Magalhães
</b> <<a href="mailto:leolistas@solutti.com.br">leolistas@solutti.com.br</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br>Bholi Patra escreveu:<br>> Hi,<br>><br>> I want to set up IPsec over GRE tunnel between an openswan box and a<br>> cisco router.<br>> Can anybody tell me how to go about it.<br><br> Why not direct IPSec between openswan and cisco ????
<br><br> If your GRE tunnel is already up and running, there should be no<br>difference at all on getting IPSec running over GRE tunnel. The only<br>thing i can imagine is that you'll probably have MTU problems because of
<br>this tunnel over tunnel situation. Maybe you'll need some '-j TCPMSS' on<br>openswan box (supposing it's linux) and 'ip tcp adjust-mss' on your<br>cisco router to adjust MSS and thus avoid MTU problems.
<br><br>--<br><br><br> Atenciosamente / Sincerily,<br> Leonardo Rodrigues<br> Solutti Tecnologia<br> <a href="http://www.solutti.com.br">http://www.solutti.com.br</a><br><br> Minha armadilha de SPAM, NÃO mandem email
<br> <a href="mailto:gertrudes@solutti.com.br">gertrudes@solutti.com.br</a><br> My SPAMTRAP, do not email it<br><br><br><br><br><br></blockquote></div><br><br clear="all"><br>-- <br>My opinions may have changed, but not the fact that I am right.