2 Replies Latest reply on Oct 8, 2014 12:30 PM by ipeek

    GRE over VPN

    ipeek New Member

      Hey guys here's what I've got:

       

      Two 3430s with a working GRE tunnel. I've seen the other posts about how to set up a VPN and GRE. I've followed them but I've got no clue if the VPN is actually working. When I check the VPN Peers on both ends it tells me "0 Static Hosts Connected".

       

      Something I guess I missed, or that was not clear to me, was: do I need to run the VPN Wizard on both ends? I know when I set up an IPsec on pfSense I set it on both ends. The ADTRAN WebUI is very confusing to me. Either way I've run the Wizard on both sides and each side's "Peer Address" is the WAN of the other ADTRAN. Remote IDs are "Match Any", same Preshared Key, Local ID = Global System ID.

       

      I've already followed the GRE over VPN guide and changed the ACL for the VPN and selected GRE and changed the IPs on both sides. My tunnel still works but I've got no idea if it's now encrypted via the VPN; my guess is it's not.

       

      Below are the VPN parts of the config:

       

      Remote(4.2)

      ip crypto
      !
      crypto ike policy 100
        initiate main
        respond anymode
        peer 207.xx.211.xxx
        attribute 1
        encryption 3des
        hash md5
        authentication pre-share
      !
      crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
      crypto ike remote-id address 207.xx.211.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
      !
      !
      ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
        mode tunnel
      !
      ip crypto map VPN 10 ipsec-ike
        description VPN to HQ
        match address ip VPN-10-vpn-selectors
        set peer 207.xx.211.xxx
        set transform-set esp-3des-esp-md5-hmac
        ike-policy 100
      !
      !
      !

      Local(2.1)

      ip crypto
      !
      crypto ike policy 100
        initiate main
        respond anymode
        peer 38.xxx.3.xxx
        attribute 1
        encryption 3des
        hash md5
        authentication pre-share
      !
      crypto ike remote-id any preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
      crypto ike remote-id address 38.xxx.3.xxx preshared-key XXXXXXXX ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
      !
      !
      ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
        mode tunnel
      !
      ip crypto map VPN 10 ipsec-ike
        description VPN to GA-Calls
        match address ip VPN-10-vpn-selectors1
        set peer 38.xxx.3.xxx
        set transform-set esp-3des-esp-md5-hmac
        ike-policy 100
      !
      !
      !
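
Added example, not part of the original post or of ADTRAN's documentation: one way to answer "is the GRE tunnel now encrypted?" is to look at what leaves the WAN interface. GRE inside an IPsec tunnel shows up between the two peers as ESP (IP protocol 50), while unprotected GRE shows up as IP protocol 47. The peer addresses and packets below are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

GRE, ESP, UDP = 47, 50, 17                      # IANA IP protocol numbers
PEERS = ("203.0.113.10", "198.51.100.20")       # constructed WAN addresses

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def classify(pkt, peers=PEERS):
    """Label one raw IPv4 packet captured on the WAN side of a tunnel endpoint."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                   # header length, options included
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if {socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])} != set(peers):
        return "other-hosts"
    if pkt[9] == GRE:
        return "gre-cleartext"                  # GRE header visible: not inside IPsec
    if pkt[9] == ESP:
        return "esp"                            # inner GRE is hidden in the ESP payload
    if pkt[9] == UDP and len(pkt) >= ihl + 4:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if 4500 in ports:
            return "nat-t"                      # IKE and ESP both use UDP 4500 behind NAT
        if 500 in ports:
            return "ike"                        # negotiation only, carries no user data
    return "other"

def verdict(packets, peers=PEERS):
    """UNENCRYPTED if any peer-to-peer GRE is visible, else ENCRYPTED if ESP is."""
    counts = Counter(classify(p, peers) for p in packets)
    if counts["gre-cleartext"]:
        return "UNENCRYPTED", counts
    if counts["esp"] or counts["nat-t"]:
        return "ENCRYPTED", counts
    return "NO-TUNNEL-TRAFFIC", counts

A, B = PEERS
IKE = ipv4(A, B, UDP, struct.pack("!HHHH", 500, 500, 8, 0))
BEFORE = [IKE, ipv4(A, B, GRE, b"\x00\x00\x08\x00"), ipv4(B, A, GRE, b"\x00\x00\x08\x00")]
AFTER = [IKE, ipv4(A, B, ESP, b"\x00" * 16), ipv4(B, A, ESP, b"\x00" * 16)]

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, *verdict(capture))
```

A capture that contains IKE on UDP 500 but still shows protocol 47 between the peers means the security association negotiated while the VPN selectors are not matching the GRE traffic.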

        • Re: GRE over VPN
          levi Employee

          ipeek:

           

          It appears you opened a ticket with ADTRAN Technical Support on this post.  When you get a chance, will you please reply to this post with the outcome to assist other support community members?

           

          Levi

          • Re: GRE over VPN
            ipeek New Member

            levi

             

            Not a problem. I meant to come back and mark it as closed and give the resolution but I've gotten real busy.

             

            After Noor phoned me and we talked through the problem, we realized the main problem was user error and having to bring the tunnel down altogether and re-enable it. I had misinterpreted the KB article that explains the GRE over VPN. Other than that we needed to tweak the firewall settings just a tad. As Noor did most of the work I don't have much recollection as to what all was done via the CLI.