About GRE Over IPSEC

last person joined: 5 days ago

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

Back to discussions

Expand all | Collapse all

About GRE Over IPSEC

Jump to Best Answer

1. About GRE Over IPSEC

0 Recommend
Erdem
Posted 07-01-2010 20:07

Reply Reply Privately
Hi all,
I would like to using GRE Over IPSec between two M10i. I fould a docutment about sample setting with ES PIC.
(http://kb.juniper.net/index?page=content&id=KB11966&actp=search&searchid=1277948878829).

But I just have Adaptive Services & MultiServices 100 now.(Does MS or AS support GRE OVER IPSEC?) How can I do that? Can someone provide the sample configuration? Thank you.
2. RE: About GRE Over IPSEC
Best Answer

0 Recommend
Erdem
Posted 07-05-2010 04:49

Reply Reply Privately
gr-4/0/0 {
   description To-Aicent;
   unit 0 {
   tunnel {
   source 192.168.40.3;
   destination 192.168.40.4;
   }
   family inet {
   mtu 1514;
   address 216.200.75.133/30;
   }
   }
   }
   sp-4/0/0 {
   unit 0 {
   family inet;
   }
   unit 1 {
   family inet;
   service-domain outside;
   }
   unit 2 {
   family inet;
   service-domain inside;
   }

gr-4/0/0 {   description To-Aicent;   unit 0 {   tunnel {   source 192.168.40.3;   destination 192.168.40.4;   }   family inet {   mtu 1514;   address 216.200.75.133/30;   }   }   }   sp-4/0/0 {   unit 0 {   family inet;   }   unit 1 {   family inet;   service-domain outside;   }   unit 2 {   family inet;   service-domain inside;   }

lo0 {
   unit 0 {
   family inet {
   address 112.110.160.254/32;
   address 192.168.40.3/32;
   }
   }
   }
route 192.168.40.4/32 {
   next-hop sp-4/0/0.2;
   resolve;
   }
services {
   ipsec-vpn {
   rule VPN-TO-AIC {
   term gre-tunnel {
   from {
   source-address {
   192.168.40.3/32;
   }
   destination-address {
   192.168.40.4/32;
   }
   }
   then {
   remote-gateway 94.31.2.10;
   dynamic {
   ike-policy AIC-IKE-POLICY;
   ipsec-policy AIC-IPSEC-POLICY;
   }
   }
   }
   match-direction input;
   }
   ipsec {
   proposal AIC-IPSEC-PROPOSAL {
   protocol esp;
   authentication-algorithm hmac-md5-96;
   encryption-algorithm des-cbc;
   lifetime-seconds 3600;
   }
   policy AIC-IPSEC-POLICY {
   perfect-forward-secrecy {
   keys group1;
   }
   proposals AIC-IPSEC-PROPOSAL;
   }
   }
   ike {
   proposal idea-to-aic {
   authentication-method pre-shared-keys;
   dh-group group1;
   authentication-algorithm md5;
   encryption-algorithm des-cbc;
   lifetime-seconds 86400;
   }
   policy AIC-IKE-POLICY {
   mode main;
   proposals idea-to-aicent;
   pre-shared-key ascii-text "$9$k.m5CA0IRSmfu1IEKvxN-VwYDjq5T3wYgJ"; ## SECRET-DATA
   }
   }
   inactive: traceoptions {
   file AIC_VPN;
   flag ike;
   flag all;
   }
   establish-tunnels immediately;
   }
   service-set ICL-AIC-GRE {
   next-hop-service {
   inside-service-interface sp-4/0/0.2;
   outside-service-interface sp-4/0/0.1;
   }
   ipsec-vpn-options {
   local-gateway 124.124.111.49;
   }
   ipsec-vpn-rules VPN-TO-AIC;
   }
}
3. RE: About GRE Over IPSEC

0 Recommend
Erdem
Posted 07-05-2010 20:24

Reply Reply Privately
Saurabh,thank you so much.

I tried it with MS PIC,and it's success.

Thank you ^_^
4. RE: About GRE Over IPSEC

0 Recommend
Erdem
Posted 05-02-2013 00:57

Reply Reply Privately
Hi Korde:

May you share your config sample to me?

Thank you.

Routing

About GRE Over IPSEC

Erdem07-01-2010 20:07

Erdem07-05-2010 04:49Best Answer

Erdem07-05-2010 20:24

Erdem05-02-2013 00:57

1. About GRE Over IPSEC

2. RE: About GRE Over IPSEC Best Answer

3. RE: About GRE Over IPSEC

4. RE: About GRE Over IPSEC

2. RE: About GRE Over IPSEC
Best Answer