IPSEC VPN with Loopback Interface

DGilmore · February 10, 2015, 10:44am

Hi,

I have setup numerous IPSEC VPNS on my 1350 in the past but this particular one has me stumped, here is the IOS configuration:

Our WAN will be 34.252.147.230 and please see below configured at our end. Once your side is configured the tunnel should come up. You will need to have a loopback 34.184.255.45 configured at your end. Please use 34.184.253.170/30 for tunnel interface IP.

interface Tunnel14
description VPN to Veripos Singapore
ip address 34.184.253.169 255.255.255.252
ip mtu 1420
ip flow ingress
ip tcp adjust-mss 1380
load-interval 30
keepalive 3 10
tunnel source 34.185.192.250
tunnel destination 34.184.255.45
end

crypto isakmp key XXXXXXXXX address 124.66.131.158

crypto map to_VPN 128 ipsec-isakmp
description GRE TO Veripos Singapore ]
set peer 124.66.131.158
set transform-set 3DES-SHA
match address GRE-TO-VER-SIN

ip route 34.184.255.45 255.255.255.255 34.252.147.254 name Veripos_SIN_LoopBack
ip route 34.184.194.192 255.255.255.192 Tunnel14 name Veripose_SIN_Data

ip access-list extended GRE-TO-VER-SIN
permit gre host 34.185.192.250 host 34.184.255.45

Can you advise what I need to do to set this up especially the loopback part?

Thanks,

Dave.

TK_Liew · February 10, 2015, 12:08pm

Hi Dave,

Can you share what you are trying to achieve? Based on the Cisco configuration above, you are trying to setup GRE instead of IPSec tunnel. I don’t see IPSec phase 1 proposal as well.

Can you share network diagram with IP addresses above also?

DGilmore · February 10, 2015, 12:35pm

TK,

I am not too familiar with the remote end…here is the topolgy:

Thanks!

Dave.

DGilmore · February 10, 2015, 1:06pm

I guess my question really should be can I establish a GRE Tunnel from the 710? 6.1.2 build 3071

TK_Liew · February 10, 2015, 1:15pm

Hi Dave,

Thanks for the diagram. Below is my assumption, do correct me if I am wrong:-

You need inter-access between subnet 34.184.194.192/26 and subnet behind Cisco router.
You need to build GRE tunnel between B710 and Cisco router. GRE is supported in v6.2 GA. You may test it on v6.2 RC.
34.185.192.250 is Cisco router loop back interface (if you can get this info)?
34.252.147.254 is Cisco router gateway (if you can get this info)?

DGilmore · February 10, 2015, 1:19pm

Tk,

I think all of the above is correct given the IOS configuration posted above

I also need a 34.184.255.45 loopback address at my side and a tunnel interface IP: 34.184.253.170/30

How do we proceed?

Thanks,

Dave.

DGilmore · February 10, 2015, 1:20pm

We should connect to the Cisco via WAN address 34.252.147.230.

DGilmore · February 10, 2015, 1:54pm

TK,

I have installed the Firmware RC, How do I go about building the GRE tunnel please?

Thanks,

Dave.

TK_Liew · February 10, 2015, 3:50pm

Hi Dave,

Please go http://<Your device’s IP>/cgi-bin/MANGA/support.cgi and enable GRE.

Configure GRE as below.

Please ensure change tunnel destination <B710 WAN IP> in Cisco router.

Hope this help.