Netgate Discussion Forum

    Shared IP – IPSec and GRE PPTP --

      Phonebuff

      Quick question –-

      Have a functional IPSec on one of 5 Static Addresses, now client also wants to port forward GRE and PPTP to an internal MS Windows box on that same IP. I know the PPTP is not going to be an issue but would the IPSec tunnel conflict with a GRE port forward?

      TIA --

        Klaws

        IPSec and PPTP can co-exist on the same IP address.

        Cisco supports something called "GRE over IPSec". Here, the GRE traffic is hidden inside the IPSec tunnel. No problem there.

        However, Cisco also has a protocol which is something like "GRE over IPSec over GRE". This will probably prevent IPSec/PPTP co-existence on the same IP address. Of course, there's little reason for choosing such an exotic IPSec configuration - unless someone is fond of the Cisco way of doing things in the most complex way. ;-)

        - Klaus
          _igor_

          Hello Klaus,

          I've been trying GRE over IPSEC to a Cisco, but I always failed in some way: The IPSEC tunnel was created, the GRE over IPSEC went up too, but data was always transferred via the standard-gateway WAN, which was wrong. So my question: Did you get this working in tunnel mode? The Cisco at the other side wants it in tunnel mode, not transport mode. Could this be my misunderstanding that in transport mode (at pfSense side) it will work with the Cisco? Could you give an example how to connect in tunnel mode? Or does the Cisco have to be reconfigured eventually?
          It would be nice to have a howto.

            jonallport

            @Phonebuff:

            I know the PPTP is not going to be an issue but would the IPSec tunnel conflict with a GRE port forward?

            GRE is a protocol, not a port.  Provided you permit GRE ingress, the mapping should be handled by NAPT.

            I have to admit that I've never had a PPTP server behind pfSense (pfS does the VPN thing very well all by itself), but from my experience of this on Cisco AdvSec/K9 installations: Port forward 1723 from the WAN IP to the internal PPTP server and GRE pass any-to-LAN on the WAN ingress rules.

            Hope that helps

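Why the IPsec tunnel and the PPTP forward do not collide on one WAN address, as an added example that is not part of the original thread: inbound packets are separated by IP protocol number before any port is looked at. The `classify` function, its labels and the sample packets are constructed for illustration; the protocol numbers and ports are the IANA-assigned ones (ESP 50, GRE 47, IKE on UDP 500/4500, PPTP control on TCP 1723), and the enhanced-GRE check follows RFC 2637.

```python
import struct

PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50  # IANA IP protocol numbers

def classify(packet: bytes) -> str:
    """Say which service on the shared WAN IP an inbound IPv4 packet belongs to.
    Hypothetical policy for illustration; fragments and checksums are ignored."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_ESP:                 # IPsec data: has no ports at all
        return "ipsec-local"
    if proto in (PROTO_TCP, PROTO_UDP) and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        if proto == PROTO_UDP and dport in (500, 4500):   # IKE / NAT-T
            return "ipsec-local"
        if proto == PROTO_TCP and dport == 1723:          # PPTP control channel
            return "pptp-forward"
        return "other"
    if proto == PROTO_GRE and len(payload) >= 8:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        # PPTP data uses enhanced GRE: version 1, protocol type 0x880B (PPP)
        if flags_ver & 0x0007 == 1 and ptype == 0x880B:
            return "pptp-forward"
    return "other"

def pptp_call_id(gre: bytes) -> int:
    """Call ID from an enhanced GRE header: the field NAT keys on, since GRE has no port."""
    return struct.unpack("!H", gre[6:8])[0]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10])) + payload

# Constructed sample packets, all addressed to the same WAN IP
PPTP_GRE = struct.pack("!HHHH", 0x2001, 0x880B, 0, 1234)   # K bit set, ver 1, call ID 1234
SAMPLES = {
    "esp": ipv4(PROTO_ESP, b"\x00" * 8),
    "ike": ipv4(PROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    "pptp_ctl": ipv4(PROTO_TCP, struct.pack("!HH", 40000, 1723) + b"\x00" * 16),
    "pptp_gre": ipv4(PROTO_GRE, PPTP_GRE),
    "plain_gre": ipv4(PROTO_GRE, struct.pack("!HHI", 0x0000, 0x0800, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```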