[Openswan Users] IPsec over GRE
Bholi Patra
mad.max.mmx at gmail.com
Thu Sep 6 08:22:14 EDT 2007
Hi,
I'm trying to run ipsec over GRE tunnels. I created 2 gre tunnels
(1.1.1.1on linux) and (
1.1.1.2 on cisco).
They are able to ping each other well.
Then I set up ipsec between 1.1.1.1 and 1.1.1.2. This is where the problem
arises.
Openswan says the Phase I (ISAKMP SA established) but fails on Phase II.
Please find attached contents of ipsec barf and cisco config.
Point out if i'm messing something.
Bholi.
On 9/6/07, Leonardo Rodrigues Magalhães <leolistas at solutti.com.br> wrote:
>
>
>
> Bholi Patra escreveu:
> > Hi,
> >
> > I want to set up IPsec over GRE tunnel between an openswan box and a
> > cisco router.
> > Can anybody tell me how to go about it.
>
> Why not direct IPSec between openswan and cisco ????
>
> If your GRE tunnel is already up and running, there should be no
> difference at all on getting IPSec running over GRE tunnel. The only
> thing i can imagine is that you'll probably have MTU problems because of
> this tunnel over tunnel situation. Maybe you'll need some '-j TCPMSS' on
> openswan box (supposing it's linux) and 'ip tcp adjust-mss' on your
> cisco router to adjust MSS and thus avoid MTU problems.
>
> --
>
>
> Atenciosamente / Sincerily,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
>
> Minha armadilha de SPAM, NÃO mandem email
> gertrudes at solutti.com.br
> My SPAMTRAP, do not email it
>
>
>
>
>
>
--
My opinions may have changed, but not the fact that I am right.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070906/3c1d2925/attachment-0001.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec_barf.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20070906/3c1d2925/attachment-0002.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cisco_config.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20070906/3c1d2925/attachment-0003.txt
More information about the Users
mailing list