cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ipeek
New Contributor II

GRE over VPN

Jump to solution

Hey guys here's what I've got:

Two 3430's  with a working GRE tunnel. I've seen the other posts about how to setup a VPN and GRE. I've followed them but I've got no clue if the VPN is actually working. When I check the VPN Peers on both ends it tell me "0 Static Hosts Connected".

Something I guess I missed or was not clear to me was, do I need to run the VPN Wizard on both ends? I know when I setup an IPsec on pfSense I set it on both ends. The AdTran WebUI is very confusing to me. Either way I've run the Wizard on both sides and each of their "Peer Address" are the WAN's of the other Adtran. Remote ID's are "Match Any", Same Preshared Key, Local ID= Global System ID.

I've already followed the GRE over VPN guide and changed the ACL for the VPN and selected GRE and changed the IP's on both sides. My tunnel still works but I've got no idea if it's now encrypted via the VPN my guess is it's not.

Below are the VPN parts of the config:

Remote(4.2)

ip crypto

!

crypto ike policy 100

  initiate main

  respond anymode

  peer 207.xx.211.xxx

  attribute 1

  encryption 3des

  hash md5

  authentication pre-share

!

crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

crypto ike remote-id address 207.xx.211.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

!

!

ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac

  mode tunnel

!

ip crypto map VPN 10 ipsec-ike

  description VPN to HQ

  match address ip VPN-10-vpn-selectors

  set peer 207.xx.211.xxx

  set transform-set esp-3des-esp-md5-hmac

  ike-policy 100

!

!

!

Local(2.1)

ip crypto

!

crypto ike policy 100

  initiate main

  respond anymode

  peer 38.xxx.3.xxx

  attribute 1

  encryption 3des

  hash md5

  authentication pre-share

!

crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

crypto ike remote-id address 38.xxx.3.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

!

!

ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac

  mode tunnel

!

ip crypto map VPN 10 ipsec-ike

  description VPN to GA-Calls

  match address ip VPN-10-vpn-selectors1

  set peer 38.xxx.3.xxx

  set transform-set esp-3des-esp-md5-hmac

  ike-policy 100

!

!

!

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
ipeek
New Contributor II

Re: GRE over VPN

Jump to solution

levi

Not a problem. I meant to come back and mark it as closed and give the resolution but I've gotten real busy.

After having noor phone me and we talked through the problem we realized the main problem was User Error and having to bring down the tunnel all together and re-enabling it. I had misinterpreted the KB article that explains the GRE over VPN. Other than that we needed to tweak the firewall settings just a tad. As Noor did most of the work I don't have much recollection as to what all was done via the CLI.

View solution in original post

0 Kudos
2 Replies
Anonymous
Not applicable

Re: GRE over VPN

Jump to solution

ipeek:

It appears you opened a ticket with ADTRAN Technical Support on this post.  When you get a chance, will you please reply to this post with the outcome to assist other support community members?

Levi

ipeek
New Contributor II

Re: GRE over VPN

Jump to solution

levi

Not a problem. I meant to come back and mark it as closed and give the resolution but I've gotten real busy.

After having noor phone me and we talked through the problem we realized the main problem was User Error and having to bring down the tunnel all together and re-enabling it. I had misinterpreted the KB article that explains the GRE over VPN. Other than that we needed to tweak the firewall settings just a tad. As Noor did most of the work I don't have much recollection as to what all was done via the CLI.

View solution in original post

0 Kudos