No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Router/NE20E-S2F(V800R008C10SPC500)Can’t establish Gre over IPsec between NE20 to AR201

Publication Date:  2017-11-29 Views:  69 Downloads:  0
Issue Description

Version information
NE20E-S2F
V800R008C10SPC500
AR200
V200R005C20SPC200

Network topology diagram


 

 Configure the script

no( customer want configure Gre over IPsec  between  NE20 to AR)

Failure phenomenon
the customer needs a configuration case

 



Handling Process

The customer wants a configuration case.

In the laboratory test, after the success,Configuration send to customers.

Solution

Provide configuration to customers(NE device)

service-location 1
location slot 3
#
service-instance-group 1
service-location 1

acl number 3002
rule 10 permit ip vpn-instance ArCaTemp source 108.108.108.108 0 destination 60.60.60.60 0     //As you want to test ping, so you need to permit “ip” but not only “gre”. And you need to involve “vpn-instance ArCaTemp” in rule.

ike proposal 41
encryption-algorithm aes-cbc 256
dh group14
authentication-algorithm sha2-512
integrity-algorithm hmac-sha2-256

ike peer test1
pre-shared-key cipher %^%#*X$jBvoVe)C9}3/h%i=SV/rTSakyGTm"OK8`4G"A%^%#
ike-proposal 41
undo version 2
remote-address vpn-instance ArCaTemp 10.162.10.6
sa binding vpn-instance ArCaTemp    // Here you need to add command “sa binding vpn-instance ArCaTemp”.

#
ipsec proposal test1
esp authentication-algorithm sha1
esp encryption-algorithm aes 256
#

ipsec policy test2 1 isakmp
security acl 3002
ike-peer test1
proposal test1
#

#
interface GigabitEthernet0/3/13
description ARKA_BeeLine_Temp
undo shutdown
ip binding vpn-instance ArCaTemp
ip address 10.162.10.15 255.255.255.128
undo dcn
binding tunnel ipsec

#
interface LoopBack2
ip binding vpn-instance ArCaTemp
ip address 108.108.108.108 255.255.255.255
target-board 3
binding tunnel gre
#

interface Tunnel3/0/1
ip address 10.170.1.2 255.255.255.0
tunnel-protocol gre
source LoopBack2
destination vpn-instance ArCaTemp 60.60.60.60
#
interface Tunnel3/3/1
description to_Cust104.1-WAN-R2
ip binding vpn-instance ArCaTemp
ip address unnumbered interface GigabitEthernet0/3/13
tunnel-protocol ipsec
ipsec policy test2 service-instance-group 1

ip route-static vpn-instance ArCaTemp 60.60.60.60 255.255.255.255 Tunnel3/3/1 10.162.10.6  // Here should be Tunnel3/3/1 but not GigabitEthernet0/3/13.

END