No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Router/NE20E-S2F(V800R008C10SPC500)Can’t establish Gre over IPsec between NE20 to AR201

Publication Date:  2017-11-29 Views:  149 Downloads:  0
Issue Description

Version information

Network topology diagram


 Configure the script

no( customer want configure Gre over IPsec  between  NE20 to AR)

Failure phenomenon
the customer needs a configuration case


Handling Process

The customer wants a configuration case.

In the laboratory test, after the success,Configuration send to customers.


Provide configuration to customers(NE device)

service-location 1
location slot 3
service-instance-group 1
service-location 1

acl number 3002
rule 10 permit ip vpn-instance ArCaTemp source 0 destination 0     //As you want to test ping, so you need to permit “ip” but not only “gre”. And you need to involve “vpn-instance ArCaTemp” in rule.

ike proposal 41
encryption-algorithm aes-cbc 256
dh group14
authentication-algorithm sha2-512
integrity-algorithm hmac-sha2-256

ike peer test1
pre-shared-key cipher %^%#*X$jBvoVe)C9}3/h%i=SV/rTSakyGTm"OK8`4G"A%^%#
ike-proposal 41
undo version 2
remote-address vpn-instance ArCaTemp
sa binding vpn-instance ArCaTemp    // Here you need to add command “sa binding vpn-instance ArCaTemp”.

ipsec proposal test1
esp authentication-algorithm sha1
esp encryption-algorithm aes 256

ipsec policy test2 1 isakmp
security acl 3002
ike-peer test1
proposal test1

interface GigabitEthernet0/3/13
description ARKA_BeeLine_Temp
undo shutdown
ip binding vpn-instance ArCaTemp
ip address
undo dcn
binding tunnel ipsec

interface LoopBack2
ip binding vpn-instance ArCaTemp
ip address
target-board 3
binding tunnel gre

interface Tunnel3/0/1
ip address
tunnel-protocol gre
source LoopBack2
destination vpn-instance ArCaTemp
interface Tunnel3/3/1
description to_Cust104.1-WAN-R2
ip binding vpn-instance ArCaTemp
ip address unnumbered interface GigabitEthernet0/3/13
tunnel-protocol ipsec
ipsec policy test2 service-instance-group 1

ip route-static vpn-instance ArCaTemp Tunnel3/3/1  // Here should be Tunnel3/3/1 but not GigabitEthernet0/3/13.