GRE IPSec to Cisco IOS



  • I am trying to set up a connection to our service provider, Optus, for a specialized service. They have provided an example config for a Cisco; can anyone tell me if I can achieve the same thing with pfSense?

    Sample config:

    
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    exit
    
    crypto ipsec transform-set TheirCompany_Transform esp-3des esp-sha-hmac
    
    crypto isakmp key VerySecretKey address <their public ip>
    
    ip access-list extended TheirCompany_Encrypt
     permit gre host <my public ip> host <their public ip>
    exit
    
    crypto map TheirCompany_IPSec 10 ipsec-isakmp
     set peer <their public ip>
     set transform-set TheirCompany_Transform
     set pfs group2
     match address TheirCompany_Encrypt
    exit
    
    interface Tunnel0
     description : IPSec encrypted GRE to TheirCompany
     ip unnumbered <external interface>
     tunnel source <external interface>
     tunnel destination <their public ip>
     crypto map TheirCompany_IPSec
    exit
    
    interface <external interface>
     crypto map TheirCompany_IPSec
    
    ip route 10.10.20.0 255.255.255.0 Tunnel 0
    
    ! <external interface> This is the internet facing or a loopback interface
    ! with an internet routable address.
    
    ! <my public ip> this is the IP address for your Cisco router Internet connection.
    ! This IP address will be a static Internet routable address used to terminate IPSec.
    

    They have also informed me of the config at their end, if it helps:

    
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    exit
    
    crypto ipsec transform-set TransformSet_3 esp-3des esp-sha-hmac 
    
    interface Loopback620
     description : Loopback for MyCompany
     ip address 172.22.83.123 255.255.255.255
    exit
    
    ip access-list extended MyCompanyCMIGGSN
     permit ip any 10.10.20.0 0.0.0.255
    exit
    
    route-map ToMyCompanyCMIUsers permit 10
     match ip address MyCompanyCMIGGSN
    exit
    
    route-map ToMyCompanyCMIUsers permit 90
     set interface Null0
    exit
    
    crypto isakmp key VerySecretKey address <my public ip>
    
    ip access-list extended MyCompany_Encrypt
     permit gre host <their public ip> host <my public ip>
    exit
    
    crypto map combined_IPSec 237 ipsec-isakmp
     description : IPSec setting for MyCompany
     set peer <my public ip>
     set transform-set TransformSet_3
     set pfs group2
     match address MyCompany_Encrypt
    exit
    
    interface Tunnel715
     description : GRE and IPSec to MyCompany
     ip unnumbered Loopback499
     ip policy route-map ToMyCompanyCMIUsers
     tunnel source Loopback499
     tunnel destination <my public ip>
     crypto map combined_IPSec
    exit
    
    route-map ToMyCompanyNet permit 10
     set interface Tunnel715
    exit
    
    interface Tunnel481
     description : GRE to GGSN1 for MyCompany
     ip unnumbered Loopback620
     ip mtu 1500
     ip route-cache flow
     ip policy route-map ToMyCompanyNet
     tunnel source Loopback620
     tunnel destination <some other public ip>
    exit
    
    interface Tunnel482
     description : GRE to GGSN2 for MyCompany
     ip unnumbered Loopback620
     ip mtu 1500
     ip route-cache flow
     ip policy route-map ToMyCompanyNet
     tunnel source Loopback620
     tunnel destination <yet another public ip>
    exit
    
    route-map ToMyCompanyCMIUsers permit 10
     match ip address MyCompanyCMIGGSN
     set interface Tunnel481
    exit
    
    route-map ToMyCompanyCMIUsers permit 90
     set interface Null0
    exit
    

    Any help or advice would be greatly appreciated.

    Thanks in advance.

