GRE tunnels with Cisco devices

  • Hello,
    in an effort to find a workaround to the pfsense 2.1 ipsec bug, I managed to fire up a GRE tunnel between pfsense and a cisco router. Sadly that hasn't worked due to an GRE encapsulation mismatch, being the cisco endpoint expecting an IP type GRE encapsulation, whereas pfsense is only offering WCCP type GRE encapsulation.

    Is there a way to get it to work with IP type encapsulation? Any advice to create a tunnel compatible with a cisco device, until a patch for bug #3321 is found, is appreciated.

  • Double check your rules.  It might not be an encapsulation problem as so much as a rules issue.  I have just setup a Cisco to PFSense GRE tunnel and was having trouble.  I searched the forums, found your post and started thinking I was having the same issue.  But when I looked at my interface status, I saw that I had packets coming into the GRE interface but they were getting blocked.  I put an "any any" rule on the opt interface that I associated to the GRE interface and the tunnel came up to my Cisco 7206 router.  It turns out GRE needs to be allowed not only through the WAN but also the OPT interface you assign to the GRE interface.  I see this posting is several months old so if you still need any help post back and I'd be happy to assist.

Log in to reply