Posted by Dimitri Petrovich on June 6, 2005, 5:55 pm
Hello,
I am testing an IPSEC VPN site to site on PIX 515 6.3(4)
Behind each PIX, I've got a router having all the routes to the inside
networks.
I need to have GRE traffic to get into the VPN. So, to achieve it, I've got
the networks where the GRE traffic comes from in my no-nat access-list and
for the ACL for VPN, I've got something like "access-list 4VPN permit ip any
any".
It looks like the GRE traffic does not get through.
Questions,
1. GRE traffic, it has an IP header? is this a tcp data flow? or what?
2. Can PIX manage to VPN GRE TRAFFIC or I need to specify permit gre any any
in my ACL? Is GRE part of the generic "IP" statement in a PIX ACL for VPN?
Thank you very much,
Dima

Posted by Walter Roberson on June 6, 2005, 4:27 pm
:1. GRE traffic, it has an IP header?
Yes. And your PIX 515 running 6.3(4) is only able to handle IP traffic.
[You could update to PIX 7.0 if you needed to handle non-IP traffic.]
:is this a tcp data flow? or what?
It is not a tcp data flow, nor a udp data flow, nor icmp -- it is
its own protocol at the same level as tcp and udp.
:2. Can PIX manage to VPN GRE TRAFFIC
Yes, that should be possible.
:or I need to specify permit gre any any
:in my ACL? Is GRE part of the generic "IP" statement in a PIX ACL for VPN?
GRE is part of IP and would be included if you had permit ip.
Note: GRE has no "port" and therefore cannot be used with Port Address
Translation (PAT).
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
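
The points in the reply above, as an added example that is not part of either post: GRE is identified by the protocol field of the IPv4 header (IANA protocol number 47), it sits beside tcp and udp, and it carries no ports for PAT to rewrite. The packet bytes are constructed samples, and `acl_matches` is a hypothetical, simplified model of only the protocol keyword of an ACL entry (addresses are ignored).

```python
import struct

# IANA IP protocol numbers (the "protocol" field of the IPv4 header)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}
HAS_PORTS = {"tcp", "udp"}  # only these carry source/destination ports

def build_ipv4(proto, payload, src=b"\x0a\x01\x01\x01", dst=b"\x0a\x02\x02\x02"):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header + payload

def classify(packet):
    """Return (protocol name, (sport, dport) or None) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed or truncated IPv4 header")
    name = PROTO_NAMES.get(packet[9], str(packet[9]))  # byte 9 = protocol
    ports = None
    if name in HAS_PORTS and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return name, ports

def acl_matches(acl_proto, packet):
    """Simplified model: the 'ip' keyword matches every IP protocol, GRE included."""
    name, _ = classify(packet)
    return acl_proto == "ip" or acl_proto == name

def pat_possible(packet):
    """PAT rewrites ports, so it needs a protocol that has them."""
    return classify(packet)[1] is not None

# Constructed samples: a GRE header (flags/version 0, protocol type 0x0800)
# and the first 20 bytes of a TCP header, each behind an IPv4 header.
GRE_PKT = build_ipv4(47, struct.pack("!HH", 0, 0x0800) + b"inner")
TCP_PKT = build_ipv4(6, struct.pack("!HH", 40000, 443) + b"\x00" * 16)

if __name__ == "__main__":
    for label, pkt in (("GRE", GRE_PKT), ("TCP", TCP_PKT)):
        print(label, classify(pkt),
              "permit ip:", acl_matches("ip", pkt),
              "permit tcp:", acl_matches("tcp", pkt),
              "PAT possible:", pat_possible(pkt))
```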