Hey guys here's what I've got:
Two 3430's with a working GRE tunnel. I've seen the other posts about how to set up a VPN and GRE. I've followed them but I've got no clue if the VPN is actually working. When I check the VPN Peers on both ends it tells me "0 Static Hosts Connected".
Something I guess I missed or was not clear to me was, do I need to run the VPN Wizard on both ends? I know when I set up an IPsec on pfSense I set it on both ends. The AdTran WebUI is very confusing to me. Either way I've run the Wizard on both sides and each of their "Peer Address" are the WAN's of the other Adtran. Remote ID's are "Match Any", Same Preshared Key, Local ID= Global System ID.
I've already followed the GRE over VPN guide and changed the ACL for the VPN and selected GRE and changed the IP's on both sides. My tunnel still works but I've got no idea if it's now encrypted via the VPN; my guess is it's not.
Below are the VPN parts of the config:
Remote(4.2)
ip crypto
!
crypto ike policy 100
  initiate main
  respond anymode
  peer 207.xx.211.xxx
  attribute 1
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 207.xx.211.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
!
!
ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
  mode tunnel
!
ip crypto map VPN 10 ipsec-ike
  description VPN to HQ
  match address ip VPN-10-vpn-selectors
  set peer 207.xx.211.xxx
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 100
!
!
!
Local(2.1)
ip crypto
!
crypto ike policy 100
  initiate main
  respond anymode
  peer 38.xxx.3.xxx
  attribute 1
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 38.xxx.3.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
!
!
ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
  mode tunnel
!
ip crypto map VPN 10 ipsec-ike
  description VPN to GA-Calls
  match address ip VPN-10-vpn-selectors1
  set peer 38.xxx.3.xxx
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 100
!
!
!
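Added example, not part of the original post and not ADTRAN tooling: a small Python audit of the crypto lines posted above. It flags the 3DES/MD5 selections and the remote-id any entry, and checks that the IKE policy peer and the crypto map peer agree. The audit helper, the LEGACY list and the trimmed sample are assumptions of this example.

```python
# Constructed sample: the "Remote(4.2)" crypto lines from the post, trimmed, addresses still masked.
SAMPLE = """\
crypto ike policy 100
initiate main
peer 207.xx.211.xxx
encryption 3des
hash md5
!
crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 207.xx.211.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
!
ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
!
ip crypto map VPN 10 ipsec-ike
match address ip VPN-10-vpn-selectors
set peer 207.xx.211.xxx
set transform-set esp-3des-esp-md5-hmac
"""

# Assumption of this example: algorithms a local policy treats as legacy.
LEGACY = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def audit(config):
    """Return findings for the crypto section of a config (hypothetical helper)."""
    findings, section, peers = [], None, {"ike": set(), "map": set()}
    for line in (raw.strip() for raw in config.splitlines()):
        w = line.split()
        if not w or line == "!":
            continue
        if w[:4] == ["crypto", "ike", "remote-id", "any"]:
            findings.append("remote-id any: entry matches every remote ID")
        elif w[:3] == ["crypto", "ike", "policy"]:
            section = "ike"
        elif "transform-set" in w and w[0] != "set":  # definition, not a reference
            section = None
            findings += [f"legacy transform {x}" for x in w if x in LEGACY]
        elif "map" in w and w[-1] == "ipsec-ike":
            section = "map"
        elif section == "ike" and w[0] in ("encryption", "hash") and w[-1] in LEGACY:
            findings.append(f"legacy IKE {w[0]} {w[-1]}")
        elif section == "ike" and w[0] == "peer":
            peers["ike"].add(w[-1])
        elif section == "map" and w[:2] == ["set", "peer"]:
            peers["map"].add(w[-1])
    if peers["ike"] != peers["map"]:
        findings.append(f"peer mismatch: ike={sorted(peers['ike'])} map={sorted(peers['map'])}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```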
It appears you opened a ticket with ADTRAN Technical Support on this post. When you get a chance, will you please reply to this post with the outcome to assist other support community members?
Levi
Not a problem. I meant to come back and mark it as closed and give the resolution but I've gotten real busy.
After having Noor phone me and we talked through the problem we realized the main problem was User Error and having to bring down the tunnel altogether and re-enabling it. I had misinterpreted the KB article that explains the GRE over VPN. Other than that we needed to tweak the firewall settings just a tad. As Noor did most of the work I don't have much recollection as to what all was done via the CLI.