IPSEC over GRE is it supported?

**boris.minakov** · 08-09-2019, 07:04 AM

Dear Team,
I have created a GRE tunnel between UT and Mikrotik

GRE works fine

Now I have created IPSEC policy over GRE
as soon as i enable IPSEC configuration stops working, in IPSEC I use:

Mode: Transport
Remote network - Mikrotik_External_IP/32
Local Network: UT_External_IP/32

VPN state says active, but no ping or trace route can be done
If i disable IPSEC and leave only GRE it starts working again

Please advise if this configuration is possible? (IPSEC over GRE)

The idea is to have OSPF routing, ospf works over GRE.
But i want to encrypt traffic, so OSP does not work with IPSEC only

Thats why i want to try IPSEC over GRE

**jcoffin** · 08-09-2019, 08:10 AM

Your network settings are incorrect.

Remote network - Mikrotik_Internal_IP/<LAN Netmask>
Local Network: UT_Internal_IP/<LAN Netmask>

**boris.minakov** · 08-09-2019, 09:28 AM

Dear Jcoffin, in mikrotik when you try to encrypt IPSEC over GRE, External ip addresses are used in local and remote network

When you try to make only IPSEC (no GRE) than for site to site you should only point internal and remote networks

But in IPSEC only routing protocol wont work, so i need IPSEC over GRE
Please advise correct config

Also IPSEC Phase 2 status is established, for both Mikrotik and UT
But GRE addresses can not be pinged (from MK to UT and from UT to MIK)

If i disable IPSEC, ping goes normally

IPSEC and Routing
https://community.cisco.com/t5/switc...s/td-p/2089573

Thread: IPSEC over GRE is it supported?

LinkBack

Thread Tools

IPSEC over GRE is it supported?

Posting Permissions