[Openswan Users] GRE over IPSec - Cisco endpoint

Tom Stockton tom at stocktons.org.uk
Tue Dec 22 05:54:26 EST 2009

On Sun, Dec 20, 2009 at 7:04 PM, Tom Stockton <tom at stocktons.org.uk> wrote:

I'm pretty stuck now so any other suggestions would be very welcome.
> I'll request the cisco config from the third party so that I can see
> exactly what's going  on ....

Relevant IOS config from the Third Party, looks as I expected.

crypto isakmp policy 40
 encr 3des
 hash md5
 authentication pre-share

crypto isakmp key <password> address
crypto ipsec transform-set TransformSet_4 esp-3des esp-md5-hmac

interface Loopback499
 description - L499 is used by ALL GRE-over-IPSec customers
 ip address

ip access-list extended CUSTOMER_2VPN_Encrypt
 permit gre host host

crypto map combined_IPSec 41 ipsec-isakmp
 description : IPSec setting for CUSTOMER
 set peer
 set transform-set TransformSet_4
 set pfs group2
 match address CUSTOMER_2VPN_Encrypt

interface Tunnel528
 description : GRE and IPSec to CUSTOMER
 ip unnumbered Loopback499
 ip access-group acl-permit-IPSec-cust-to-smsga out
 tunnel source Loopback499
 tunnel destination
 crypto map combined_IPSec

ip route Tunnel528

Any advice greatly appreciated.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091222/119b843d/attachment.html 

More information about the Users mailing list