Les Mikesell wrote:
This may be off-topic for this list but perhaps someone could at least point me to a better source... When doing IPSec tunnels between Cisco routers it works nicely to first make a GRE tunnel which gives you a fairly normal interface that can run routing protocols, etc., then use 'crypto map' to push the GRE packets through IPSec encryption.
Are there any examples available that would match this setup with Linux on one end, Cisco on the other? A Linux<->Cisco GRE is easy enough and zebra/quagga should run rip or ospf over that, but then I'd like to pass the GRE packets though IPSec before sending.
would not be better to have a GRE Tunnel Secured with ipsec? i mean creating the normale tunnel
interface tunnel 1 etc ....
then apply the crypto map to make a transport ipsec point 2 point connecttion beetween the REAL interface ip address of both end of the tunnel matching GRE packets.
This way you'll have a logical interface Tunnel on both routers with an IPSEC encryption for all GRE packets beetween this 2 interfaces.
Bye Primeroz
