This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

how to configure gre over ipsec?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to configure gre over ipsec?

Felixcao
L3 Networker

‎11-04-2021 03:50 AM

Anybody know how to configure gre over ipsec ?

from the 9.0,pa support gre tunnel and only one word describe about this feature.

  • (Optional) Select Add GRE Encapsulation to enable GRE over IPSec.
    Add GRE encapsulation in cases where the remote endpoint requires traffic to be encapsulated within a GRE tunnel before IPSec encrypts the traffic. For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. Add GRE Encapsulation when the GRE packet encapsulated in IPSec has the same source IP address and destination IP address as the encapsulating IPSec tunnel.

     

    Has anyone done any specific this configuration?

    Can you give me a description of the configuration? Thank you

0 Likes Likes
3 REPLIES 3

PavelK
Cyber Elite
Cyber Elite

‎11-06-2021 12:54 AM

Thank you for posting question @Felixcao

 

My interpretation of what is written in documentation is: by selecting check box: "Add GRE Encapsulation" Firewall will add GRE Header (IP Protocol 47) between ESP and traffic going to the tunnel interface. For example TCP Traffic routed to the Tunnel interface where you configured IPsec will get first encapsulated into GRE, then into ESP. This configuration is there in place for example if you have on the other side regular Cisco router running running Tunnel interface in: " tunnel mode gre" with attached: "tunnel protection ipsec profile".

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

m.dmitriev
L0 Member
In response to PavelK

‎11-23-2021 07:45 AM

Should the GRE interface be on the PA side or will it be sufficient on the other side, for example on the Mikrotik or Cisco side?

Has anyone configured GRE over IPSEC between PA and Mikrotik? Please share an example of a working configuration.

0 Likes Likes

PavelK
Cyber Elite
Cyber Elite

‎11-29-2021 04:52 PM

Thank you for the message @m.dmitriev 

 

The GRE encapsulation should be enabled on both sides. Without both sides having GRE in place, the traffic that gets encapsulated by GRE on one side would not be able to get decapsulated on the other side of the tunnel. Regarding your second question, unfortunately, I do not have any hands on experience with Mikrotik.

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 3346 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks