G
Guest
Guest
Archived from groups: comp.dcom.sys.cisco,comp.dcom.vpn (More info?)
Hello,
I am testing an IPSEC VPN site to site on PIX 515 6.3(4)
Behind each PIX, I've got a router having all the routes to the inside
networks.
I need to have GRE traffic to get into the VPN. So, to achieve it, I've got
the networks where the GRE traffic to come from in my no-nat access-list and
for the ACL for VPN, I've got something like "access-list 4VPN permit ip any
any.
It looks the GRE traffic does not get through.
Questions,
1. GRE traffic, it has an IP header? is this a tcp data flow? or what?
2. Can PIX manage to VPN GRE TRAFFIC or I need to specify permit gre any any
in my ACL? Is GRE part of the generic "IP" statement in a PIX ACL for VPN?
Thank you very much,
Dima
Hello,
I am testing an IPSEC VPN site to site on PIX 515 6.3(4)
Behind each PIX, I've got a router having all the routes to the inside
networks.
I need to have GRE traffic to get into the VPN. So, to achieve it, I've got
the networks where the GRE traffic to come from in my no-nat access-list and
for the ACL for VPN, I've got something like "access-list 4VPN permit ip any
any.
It looks the GRE traffic does not get through.
Questions,
1. GRE traffic, it has an IP header? is this a tcp data flow? or what?
2. Can PIX manage to VPN GRE TRAFFIC or I need to specify permit gre any any
in my ACL? Is GRE part of the generic "IP" statement in a PIX ACL for VPN?
Thank you very much,
Dima