Configuring IPsec over GRE Tunnel on Cisco Devices
This guide outlines the steps to configure an IPsec over GRE tunnel on Cisco routers. This setup combines the advantages of GRE tunnels, such as the ability to encapsulate a wide variety of network layer protocols over a single point-to-point link, with the security features of IPsec.
Prerequisites
- Two Cisco routers with IP connectivity.
- IOS with crypto support.
- Knowledge of the network topology and IP addressing scheme.
Configuration Overview
- Configure GRE Tunnel
- Configure IPsec
- Verify the Tunnel and IPsec Configuration
Step 1: Configure GRE Tunnel
Router A Configuration
Replace 192.168.1.1 with the local tunnel IP and 192.168.2.1 with the remote tunnel IP.
Replace 192.168.2.1 with the local tunnel IP and 192.168.1.1 with the remote tunnel IP.
This ISAKMP policy defines the IKE phase 1 (main mode) parameters.
Specify Pre-shared Key (on both routers)
Replace YourPSK with your pre-shared key.
This transform set specifies the transform parameters for IPsec.
Define the Crypto Map (on both routers)
This map ties the ISAKMP and IPsec configuration together and applies it to the interface.
Replace OutsideInterface with the actual interface name facing the peer.
Configure Access Control List (ACL) (on both routers)
This ACL permits the GRE tunnel traffic to be encrypted by IPsec.
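The steps above assembled into a single Router A configuration, as an added example that is not taken from the original guide. It assumes 192.168.1.1 and 192.168.2.1 are the addresses used both as GRE tunnel source/destination and as IPsec peers; the inner tunnel subnet 10.0.0.0/30, the names GRE-TRAFFIC, TS and CMAP, and the algorithm choices are also assumptions.

```cisco
! Router A (added example; names and inner addressing are assumptions)
!
! Step 1: GRE tunnel between the two endpoint addresses
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source 192.168.1.1
 tunnel destination 192.168.2.1
!
! Step 2: ISAKMP policy (IKE phase 1 parameters)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key, bound to the peer address rather than a wildcard
crypto isakmp key YourPSK address 192.168.2.1
!
! IPsec transform set; transport mode is an assumption, chosen because
! the GRE endpoints and the IPsec peers are the same addresses
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! ACL: select only the GRE traffic between the two endpoints
ip access-list extended GRE-TRAFFIC
 permit gre host 192.168.1.1 host 192.168.2.1
!
! Crypto map: ties peer, transform set and ACL together
crypto map CMAP 10 ipsec-isakmp
 set peer 192.168.2.1
 set transform-set TS
 match address GRE-TRAFFIC
!
! Apply the crypto map to the interface facing the peer
interface OutsideInterface
 crypto map CMAP
```

Router B mirrors this with the two endpoint addresses swapped and 10.0.0.2 on Tunnel0; the ISAKMP policy, transform set and pre-shared key must match on both sides.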
By following these steps, you will have successfully configured an IPsec over GRE tunnel on Cisco routers, providing a secure and encapsulated VPN tunnel for your network traffic.