cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

GRE over IPsec with a dynamic host

Jump to solution


Is there a way to create a GRE tunnel over a VPN tunnel when one end of the tunnel is a dynamic host?

Labels (1)
0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

Yes, that is what we teach in the class to use Loopback IPs for the GRE Source/Dest tunnel interfaces. Then you have to modify the VPN selectors to allow GRE through destined to that far end loopback interface.

Let us know if you have any further questions.

-Mark

View solution in original post

0 Kudos
Reply
12 Replies
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

Yes this can be done. The tunnel must be Aggressive mode instead of main mode in Phase 1. Even if you use dynamic DNS, you still have to use Aggressive mode. See Doc-2889 for more info.

See Doc-2310 for GRE over VPN config guide.

We will be releasing a new Expert level certification called ATSE/UCAS which goes through networking 7100 to a remote gateway like the NV6355 with GRE over IPSec VPN tunnel with advanced voice routing and fail over. Should be out in May.

Hoped that helped. Let me know if u have questions.

-Mark

Sent from my mobile phone

Highlighted
New Contributor

Re: GRE over IPsec with a dynamic host

Jump to solution

What do you use for destination address on the tunnel setup from the static side. I know it would normally be the static IP of the remote site butsince it is dynamic how do you enter it?

Rory

0 Kudos
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

Are you configuring from the GUI or CLI?

If GUI, are you using the VPN Wizard?

-Mark

0 Kudos
Highlighted
New Contributor

Re: GRE over IPsec with a dynamic host

Jump to solution

Mark I amusing the GUI. But I figured out that I needed to create a loopback IP to use for the VPN selectors and the Tunnel source and destination address since I didn’t have a static public to use on the GRE tunnel setup.

Rory Duquette

0 Kudos
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

Yes, that is what we teach in the class to use Loopback IPs for the GRE Source/Dest tunnel interfaces. Then you have to modify the VPN selectors to allow GRE through destined to that far end loopback interface.

Let us know if you have any further questions.

-Mark

View solution in original post

0 Kudos
Reply
Highlighted
New Contributor

Re: GRE over IPsec with a dynamic host

Jump to solution

Oh sorry I have always just used the static publics. Thank you for the help though.

On a separate note am I missing a step in setting up remote Polycom phones. The phones come up and pull a config. Show there proper extensions but won’t register. When I look at the error details they show the Server still as the default 10.10.20.1 even though I have changed it everywhere I can think of. Do I need to modify a .cfg manually or something?

Rory

0 Kudos
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

Regarding the remote phone, are you setting up “Simple Remote Phone” feature which is coming over public internet or is the remote phone coming through the GRE/VPN tunnel?

-Mark

0 Kudos
Highlighted
New Contributor

Re: GRE over IPsec with a dynamic host

Jump to solution

GRE. Found my mistake just forgot to put a Media gatway on the tunnel interface

0 Kudos
Highlighted
Valued Contributor II
Valued Contributor II

Re: GRE over IPsec with a dynamic host

Jump to solution

That will do it! 😃 make sure you do that on both sites.

We recommend making a loopback address for the media gateway and assign that to the tunnel interface. Do this at both locations.

Good job on the troubleshooting.

-Mark