This is a basic configuration to demonstrate how to set up GRE over IPsec.
Below are some of the commands I used. Note that the config must be exactly the same on both sides. R1 in my topology is the ISP router, with the other two being the sites.
Remember to set up normal routing between them; they are supposed to work just like normal sites with internet breakout. For my routing I used OSPF.
Commands used for GRE and IPsec:
GRE part:
R1(config-if)#do show hist
  interface tunnel 0
  ip address 192.168.1.2 255.255.255.0
  tunnel source fastEthernet 0/1
  tunnel destination 101.1.1.100
  tunnel mode gre ip
  ip ospf 10 area 0
  do show hist
R1(config-if)#
IPsec part:
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#encryption aes
R2(config-isakmp)#hash sha
R2(config-isakmp)#group 5
R2(config-isakmp)#lifetime 1800
R2(config-isakmp)#exit
R2(config)#crypto isakmp key cisco address 101.1.1.100
R2(config)#crypto ipsec transform-set t-set esp-aes esp-sha-hmac
R2(cfg-crypto-trans)#mode tunnel
R2(cfg-crypto-trans)#exit
R2(config)#crypto ipsec profile cisco
R2(ipsec-profile)#set transform-set t-set
R2(ipsec-profile)#int t0
R2(config-if)#tunnel protection ipsec profile cisco
R2(config-if)#
*Jun 20 17:03:18.259: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#
Once configured on both sides, you will receive a log message confirming connectivity. You can also run show crypto engine connections active, which should give you the printout below:
R2#show crypto engine connections active
Crypto Engine Connections

   ID  Type   Algorithm  Encrypt  Decrypt  LastSeqN  IP-Address
    1  IPsec  AES+SHA          0        7         7  102.1.1.100
    2  IPsec  AES+SHA          6        0         0  102.1.1.100
    3  IPsec  AES+SHA          0       27        27  102.1.1.100
    4  IPsec  AES+SHA         28        0         0  102.1.1.100
 1001  IKE    SHA+AES          0        0         0  102.1.1.100
 1002  IKE    SHA+AES          0        0         0  102.1.1.100
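The requirement that the config match on both sides can be checked before the tunnel is brought up. The script below is an added example, not part of the original post: it parses the IKE and IPsec commands for two sites, lists every setting that differs, and confirms each site's key statement points at the other. The names `parse_crypto` and `compare_peers`, the placeholder key `EXAMPLE-PSK`, the far-side config and the use of 102.1.1.100 as R2's own address are assumptions; it also assumes one ISAKMP policy and one transform set per site, with commands spelled out in full and sub-commands indented.

```python
import re

# Sub-commands from the page's ISAKMP policy and transform set (assumed: one of each).
SETTINGS = ("authentication", "encryption", "hash", "group", "lifetime", "mode")

def parse_crypto(config):
    """Extract IKE and IPsec settings from IOS commands (sub-commands indented)."""
    out = {"peer": None}
    for line in config.splitlines():
        words = line.split()
        if line.startswith(" ") and words and words[0] in SETTINGS:
            out[words[0]] = " ".join(words[1:])
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            out["psk"], out["peer"] = m.groups()
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line):
            out["transform"] = tuple(sorted(m.group(1).split()))
    return out

def compare_peers(cfg_a, cfg_b, addr_a, addr_b):
    """List every difference between two sites; an empty list means they match."""
    a, b = parse_crypto(cfg_a), parse_crypto(cfg_b)
    problems = []
    for key in SETTINGS + ("transform", "psk"):
        if a.get(key) != b.get(key):
            # Name the setting only; never echo a pre-shared key into output.
            shown = "" if key == "psk" else f": {a.get(key)} != {b.get(key)}"
            problems.append(f"{key} differs{shown}")
    if a["peer"] != addr_b or b["peer"] != addr_a:
        problems.append("peer addresses are not mirrored")
    return problems

# Constructed sample: the page's R2 settings with a placeholder pre-shared key.
SITE_A = """crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 1800
crypto isakmp key EXAMPLE-PSK address 101.1.1.100
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
 mode tunnel"""
SITE_B = SITE_A.replace("101.1.1.100", "102.1.1.100")  # assumed far-side config
SITE_B_DRIFT = SITE_B.replace("group 5", "group 2")    # constructed mismatch

if __name__ == "__main__":
    # Site A is assumed to be 102.1.1.100 (from the show output), site B 101.1.1.100.
    print(compare_peers(SITE_A, SITE_B, "102.1.1.100", "101.1.1.100"))
    print(compare_peers(SITE_A, SITE_B_DRIFT, "102.1.1.100", "101.1.1.100"))
```
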
If you have any questions or require assistance let me know.












