Table of Contents
Advertisement
Setting Up the Secure GRE or DVMRP Connection
In Figure 29 on page 301, a secure GRE/IPSec connection is set up between two E
Series routers. To set up the secure connection:
1.
2.
The GRE tunnel now runs over the SAs that IKE established.
Figure 29: GRE/IPSec Connection
Configuration Tasks
The main configuration tasks for setting up GRE or DVMRP over IPSec on E Series
routers are:
Enabling IPSec Support for GRE and DVMRP Tunnels
To create GRE/IPSec and DVMRP/IPSec tunnels, use the ipsec-transport keyword
with the interface tunnel command.
interface tunnel dvmrp
Set up the IPSec connection between the two routers. IKE signals a security
association (SA) between the two IPSec tunnel endpoints.
Two unidirectional SAs are established to secure data traffic.
Set up a GRE tunnel between the two routers.
Set up the GRE or DVMRP tunnel, specifying the virtual router and destination
address, and enabling IPSec support. See "Configuring IP Tunnels" on page 245.
Set up digital certificates on the router, or configure preshared keys for IKE
authentication.
To set up digital certificates, see "Configuring Digital Certificates" on page 213.
To set up preshared keys, see "Configuring IPSec Parameters" on page 146
in "Configuring IPSec" on page 125.
Create IPSec policies. See "Defining an IKE Policy" on page 156 in "Configuring
IPSec" on page 125.
Configure IPSec transport profiles. See "Configuring IPSec Transport Profiles"
on page 302.
Chapter 12: Securing L2TP and IP Tunnels with IPSec
GRE/IPSec and DVMRP/IPSec Tunnels
301
Advertisement
Table of Contents
