Routing traffic from Site B to Site A using IPSEC over a GRE Interface



  • Hi,

    Our ISP blocks IPSEC traffic, so in order to mask the IPSEC traffic I have decided to create a GRE and then create an IPSEC tunnel in it.

    I have created a GRE interface between 2 sites,

    Site A is the headquarters 10.0.0.1/24
    Site B is the branch office 10.0.0.2/24

    I have created a GRE between 2 sites, Site A and Site B = Ping to each other is ok
    Then I created an IPSEC tunnel using 10.0.0.1 <> 10.0.0.2, with the IPSEC tunnel in P2 transport mode. = Tunnel established

    Created GRE gateway in Site A as 10.0.0.1 and Site B 10.0.0.2
    Created static route in Site B as 192.168.40.0/24 use GRE 10.0.0.2 GW
    Created static route in Site A as 192.168.3.0/24 use GRE 10.0.0.1 GW
    Ping to the network vice versa is OK.
    Then added an outbound NAT rule in Site A to throw everything from 192.168.3.0/24 to the Site A WAN

    But when I do a tcpdump and ping one of the machines from Site B in Site A, I see that the traffic is not encapsulated.
    I think I am missing some sort of routing rules.
    My final goal is to make all traffic, including traffic related to the internet, go through the Site A WAN.

    Kindly Assist,
    Many Thanks.




  • Hi,
    I found a tutorial on YouTube which shows that the IPSec tunnel is created WAN to WAN instead of GRE to GRE

    Doesn't this negate the purpose of masking the IPSec with GRE?

    Youtube Video

    Any hints?
    Rgd
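
One way to check what a WAN-side capture actually carries, as an added example that is not part of the original posts: this Python sketch walks outer IP, GRE and inner IP headers and reports whether the payload inside GRE is ESP or cleartext. The sample packets are constructed; the WAN addresses (198.51.100.2, 203.0.113.1) and the `.10` host addresses are assumptions, and all function names are hypothetical.

```python
import struct

PROTO = {1: "ICMP", 47: "GRE", 50: "ESP"}   # IP protocol numbers used here
GRE_IPV4 = b"\x00\x00\x08\x00"              # GRE v0 header, no options, payload IPv4

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4               # header length, honours IP options
    dotted = lambda b: ".".join(str(o) for o in b)
    return dotted(buf[12:16]), dotted(buf[16:20]), buf[9], buf[ihl:]

def strip_gre(buf):
    """Return (ethertype, payload); checksum/key/sequence add 4 bytes each."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", buf[:4])
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return ethertype, buf[4 + optional:]

def describe(packet):
    """List the layers seen, descending through GRE while it carries IPv4."""
    layers = []
    while True:
        src, dst, proto, payload = parse_ipv4(packet)
        layers += [f"IP {src}>{dst}", PROTO.get(proto, f"proto {proto}")]
        if proto != 47:
            return layers
        ethertype, packet = strip_gre(payload)
        if ethertype != 0x0800:
            return layers

def esp_inside_gre(packet):
    layers = describe(packet)
    return "GRE" in layers and layers[-1] == "ESP"

# Constructed samples as they would appear on the Site B WAN.
WAN_B, WAN_A = "198.51.100.2", "203.0.113.1"
# Routed LAN ping: inner addresses are not the 10.0.0.1 <> 10.0.0.2 tunnel pair.
LAN_PING = ipv4(WAN_B, WAN_A, 47, GRE_IPV4 +
                ipv4("192.168.3.10", "192.168.40.10", 1, b"\x08\x00" + bytes(6)))
# Traffic between the GRE addresses themselves, protected by transport-mode ESP.
TUNNEL_ADDR = ipv4(WAN_B, WAN_A, 47, GRE_IPV4 + ipv4("10.0.0.2", "10.0.0.1", 50, bytes(16)))
```

`describe(LAN_PING)` ends in `ICMP`, meaning the ping is readable inside GRE, while `describe(TUNNEL_ADDR)` ends in `ESP`.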

