Local network GRE tunnels

We have several network devices which are spread over several buildings. These devices are unmanaged as far as patch and antivirus levels are concerned. I thought I'd be able to set up a second VLAN on each switch these devices are connected to, then have a GRE tunnel pass the traffic to a pair of 6500s, which are protected by an IPS.

The installation would be a 2950 with two VLANs of shared resources for a pair of distribution-layer 6500s. These 6500s connect to the core of the network. Off the core would be this pair of IPS-protected 6500s.

I have put this in place in our lab, but I am having problems getting the traffic I want to isolate to travel through the tunnel. Is this type of configuration possible? All the examples I see are of remote sites connecting to the main network.

Thank you

John

I think Martin is asking a very good question about the routing logic. In the original post John did not indicate anything about how routing has been implemented.

It seems to me that if John wants the traffic of one specific VLAN to go through the GRE tunnel and other traffic not to go that way, it's a fairly obvious case for Policy Based Routing. PBR could specify that traffic from the individual VLAN should have a next hop at the other end of the tunnel. This would leave all other traffic to use the normal routing table and would remove the need to run a dynamic routing protocol through the tunnel (which would eliminate the possibility of other traffic being routed through the tunnel).

HTH

Rick
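
The policy-based routing approach described in the reply above, sketched as an added example that is not part of the original thread. Every VLAN number, interface, name and address here is a constructed assumption; only the technique (PBR into a GRE tunnel, GRE keepalives) comes from the page.

```cisco
! ===== Distribution 6500 (tunnel head end) - constructed addressing =====
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface Tunnel0
 description GRE to the IPS-protected 6500 pair
 ip address 172.16.255.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.2
 ! Keepalives bring the tunnel line protocol down when the far end is lost
 keepalive 5 4
!
! Match only traffic sourced from the unmanaged-device VLAN
ip access-list extended UNMANAGED-VLAN
 permit ip 10.20.200.0 0.0.0.255 any
!
! Matching traffic is sent to the far end of the tunnel;
! everything else keeps using the normal routing table
route-map UNMANAGED-TO-IPS permit 10
 match ip address UNMANAGED-VLAN
 set ip next-hop 172.16.255.2
!
! PBR is applied inbound on the routed interface of the isolated VLAN
interface Vlan200
 description Unmanaged devices (second VLAN on the access switches)
 ip address 10.20.200.1 255.255.255.0
 ip policy route-map UNMANAGED-TO-IPS
!
! ===== IPS-protected 6500 (tunnel tail end) - constructed addressing =====
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
interface Tunnel0
 description GRE from distribution 6500
 ip address 172.16.255.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.1
 keepalive 5 4
!
! Static return route so replies to the isolated VLAN also cross the
! tunnel; no dynamic routing protocol runs over Tunnel0
ip route 10.20.200.0 255.255.255.0 Tunnel0
```

No routing protocol is enabled on Tunnel0, so only policy-matched traffic enters it. If the tunnel goes down, the next hop becomes unreachable and the policy-routed packets fall back to the normal routing table, so the tunnel state is worth monitoring.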

Tags: Cisco Security

Similar Questions

  • Unidentified network Local Access only on Vista Home Basic using Ethernet.

    I have 2 laptops showing unidentified network, Local Access only, on Windows Vista Home Basic.  One is a Toshiba and the other is a Dell.  I can use the Ethernet on the Toshiba at one of the Fire Dept. stations I work at. (As of last week, haven't checked since.)  I can't at the other station.  I get Local access only, unidentified network.  I also get it at home, and when I checked the Dell, I get the same message.  I can connect wirelessly.  How can I solve the unidentified network problem?

    Hello

    If your system is running Hello, Netmagic or any other 3rd-party network software, try uninstalling it.

    Also try this.

    Type Cmd in the search text box.

    Press the Ctrl-Shift-Enter keyboard shortcut to run the command prompt as administrator.  Allow the elevation.

    Type route delete 0.0.0.0 and press Enter.

    Type ipconfig /flushdns and press Enter.

    Restart your computer.

    Jack-MVP Windows Networking. WWW.EZLAN.NET

  • Windows Vista - unidentified network Local Access only tried everything please help

    Hello

    I have an Acer Aspire M1610 running Windows Vista Home Premium Service Pack 2, and 2 days ago when I turned it on the internet was not working and it said unidentified network, Local access only. I use a wired Ethernet connection. I don't know how it happened, as before that I had used the computer as usual and the Internet worked very well. I did a lot of research and read a few forum posts about this problem and tried a few solutions, but none of them worked. I tried the following:

    (1) Disabling my firewall and anti-virus, which didn't work; I turned them back on immediately.

    (2) Pressing the Ctrl-Shift-Enter keyboard shortcut to run the command prompt as administrator.  Allow the elevation.

    Type route delete 0.0.0.0 and press Enter.

    Type ipconfig /flushdns and press Enter.

    Restart your computer.

    (3) The Internet Protocol Version 6 thing: clearing it, and disabling and enabling it.

    (4) I even used the Norton software removal tool; I had uninstalled Norton when I got the computer, but I read that uninstalling it through the Windows uninstaller does not entirely remove it.

    (5) Another thing in the command prompt; I don't remember exactly what it was, and I can't find the website because I looked at so many.

    (6) I even reset my computer to factory settings and then uninstalled all unnecessary software and trials that come with and used the software again Norton removal tool.

    Does anyone know how to fix this? Any response will be greatly appreciated.

    Thank you

    Hi Alex,

    Have you tried to assign the IP addresses manually?

    I would like to refer you to this article:

    http://support.Microsoft.com/kb/928233/en-us

    Note: Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs.

    Back up the registry - http://windows.microsoft.com/en-US/windows-vista/Back-up-the-registry

    Thank you.

  • unidentified network - local access only

    Hi, so I have had this old Sony Vaio for four years. I used a wired internet connection for the past four years, until we moved house and received a wireless router. Our friend connected it for me, and everything worked well, until I had to format the system. I tried the troubleshooter and looked through various forums, but nothing helps, as far as I understood what to do. I reset the router and it works fine on my mom's netbook, but on the Vaio it says unidentified network - local access only. Just to add, it runs Windows Vista Home Premium.

    Hi Zuzanna Feliszek,

    Method 1: You can follow the steps mentioned in the link below to recover from Winsock2 corruption

    How to determine and to recover from Winsock2 corruption in Windows Server 2003, Windows XP and Windows Vista
    http://support.Microsoft.com/kb/811259

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base.
    How to back up and restore the registry in Windows


    Method 2:
    you can follow the steps described in the article below, which deals with a similar question

    Network connectivity fails when you try to use Windows Vista behind a firewall device
    http://support.Microsoft.com/kb/934430


    Method 3:
    download and install all Windows Update available (Service pack (SP) 1 and 2)
    http://Windows.Microsoft.com/en-us/Windows-Vista/install-Windows-updates

  • Setting up a VM with a VPN client that prevents access to the local network

    What is the best approach for connecting to the VPN in the following scenario?

    We want to set up VMs for our projects as VPN client machines (using the Cisco VPN client). In many cases the VPN profile supplied by the client is configured to prevent access to the local network and instead tunnels everything through the VPN.

    I tried both the NAT and Bridged networks, and once you connect the VPN client, the connectivity of the virtual machine is limited to the VMware console. SSH and other connections no longer work.

    Thanks for any idea.

    I'd use VNC - that's what I use for an XP VM that uses the CheckPoint SecuRemote VPN client, which in the same way (wisely) blocks off incoming traffic when the connection is made to the other end of the VPN.

    Just paste lines similar to the following into your .vmx file while the virtual machine is shut down:

    RemoteDisplay.vnc.enabled = TRUE
    RemoteDisplay.vnc.port = "5910"
    RemoteDisplay.vnc.password = "somepassword"
    RemoteDisplay.vnc.keymap = "uk"

    Note that you point your VNC client software at the IP address of your Server 2.0 host (and the port from your .vmx file), not at the virtual machine. Use a different port for each virtual machine you need to access simultaneously.

  • How can I remove a connection from network Local to my computer?

    I have a local network connection on my computer (XP Service Pack 3 operating system).  I had this connection turned off for a while and I also removed the desktop icon for this connection.  For many months, I noticed in the Event Viewer/System log that I had a DCOM error every morning when I started my computer.  Sometimes the computer would pause for a few seconds, the screen would go black, and the system would restart automatically and then come up normally.  I would check the Event Viewer/System log and the DCOM error was there.  At other times, the system would boot normally until it got to the window where I select user or administrator; at that point the mouse would be frozen in its tracks.  A restart (by cutting the power supply to the computer) would make everything work normally again.  Another check of the event log, and the DCOM error had occurred once more.  I have to admit that the problems I describe here are rare visitors to my computer (no more than once or twice a week), but they are of course annoying.  So, I believe that this unused LAN connection is at the root of my problem.  I then decided to enable the LAN connection, restart my computer and see if the DCOM error occurred when starting: no error was found.  That did it for me; I decided that the unused LAN connection must go.  I have not, however, found the magical instructions for how to remove the local network connection.  I read an article that told me Device Manager is where this connection should be deleted.  So I made a visit to Device Manager and found the LAN connection listed there, but I'm not sure this is the right thing to do.  I also made a visit to Network Connections and clicked on the unwanted local network connection; I found that Delete is dimmed.  I just seem to be lost as to how to make this local network connection go away.  Can someone help me with this task?  Any help sent my way would be greatly appreciated.

    This is a follow-up to my last post.  I decided, after no response to this message was forthcoming, to follow the instructions that I mentioned earlier in this post to try to remove the unwanted local network connection from my computer.  FYI, this set of instructions worked perfectly and I no longer have this LAN connection on my system.  I hope that this information will be useful to others who want to remove a local network connection from their Windows XP Pro SP3 system.

    I. M. learning

  • Wireless network local issue on Vista

    I know that this has been done to death in all directions, but I can't come up with a solution, then...

    I read dozens of messages and "fixed" the problem 'Unidentified network' and 'Access Local' on Vista, but have yet to solve.  Surely, there must be a definitive solution for this.  My situation is: laptop Toshiba L300 under Vista Home Premium SP1, working happily with our wireless ADSL router.  This laptop has an Atheros AR5007EG wireless network adapter.

    For various reasons, we have upgraded to a new router and only the Toshiba will not connect wirelessly to it for full internet access - it shows the dreaded 'Local access only' status.  The new router is a Linksys X3000, which supports wireless-n, but it is configured for mixed mode.  Security is WPA2-Personal with AES encryption.

    I tried this after reading the various "solutions":
    Upgrade Vista to SP2
    Upgrade the Atheros wireless network card drivers to version 7.6.0.126, dated 19/05/2008
    Do a clean boot
    Temporarily disable the security on the router
    The use of TKIP instead of AES encryption
    Tweaking the registry keys for the DHCP broadcast flag
    Disable DHCP and affecting a fixed IP on the laptop
    Use the netsh commands
    Configuration of the router wireless b/g only
    Nothing changes the situation.  The laptop gets a valid IP address from the router via DHCP, so it gets that far at least.  It connects 100% fine if I plug it into the router with a cable, so the problem is with the wireless side of things.  The router has no MAC address filtering active.

    Surely, surely, there must be a definitive solution for this now - it has been around for years.  I can't believe it's so hard to identify what the problem actually is. Any guidance would be appreciated.

    I solved this problem.  I disabled the built-in Atheros wireless network card and bought a USB one, and it all burst into life.  So it looks like the Atheros card and/or driver is the problem. Annoying, as I had updated the Atheros driver to what I thought was the most recent version.

    Anyway, as well as actually working, the new USB adapter supports wireless-n, which can run faster, so it's all good.

  • Problems connecting an Xbox 360 to a Vista laptop via an Ethernet local network connection (the laptop is connected via WiFi)

    I spent a few hours trying to solve this problem, and I've been to countless forums.  They all told me to go into "Manage network connections" and right-click > Properties on my Wi-Fi connection.  Then they talk about clicking on the Sharing tab... which I don't have.  I don't know how to share my WiFi connection with my Xbox 360.  It is supposed to be easy, but I can't work out what is described as "very easy."  I have a Sony Vaio VGN-FW390 laptop and Vista Home Premium. Maybe I have to set up a connection to an access point, or do some sort of ICS thing... I do not know.  I am incredibly annoyed by this, and I'd appreciate any help.  Thank you.

    Messier,
    Thank you for visiting the Microsoft Answers community forum.

    Try this and see if it works for you, it has worked for some users.
    With no cable connected between the computer and the Xbox, go to Control Panel, Network and Sharing Center. You should see a "Local Area Connection", which will show as disabled at this stage, and your "Wireless Network Connection", which should show as connected. Connect the Ethernet cable to your laptop and the back of the Xbox. Select the "Local Area Connection". After it is connected, disable your "Wireless Network Connection". Once it is disabled, right-click it and click Properties. Go to the Advanced tab and check "Allow other network users to connect through this computer's Internet connection". Once this is done, your wireless internet connection should say Shared next to the connection status.
    Turn your wireless connection back on. Then right-click "Local Area Connection" and click Repair. Let it finish. Test the connection on your Xbox.

    Let us know how that works for you.
    Thank you
    Gloria
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • How to troubleshoot a GRE IPsec tunnel?

    Hello

    My topology includes two firewalls connected through the "Internet" (a router), and behind each firewall there is a router.

    On the routers I configured a GRE tunnel, which is successful; then I configured an IPsec tunnel on the firewalls.

    I did not change the mode to transport mode in the transform-set configuration.

    Everything works; if I connect a PC to one router, it can ping another PC on the other router. However, if I change the mode to transport mode, they cannot.

    I was wondering how I can make sure that the GRE IPsec tunnel really works? How can I troubleshoot it or trace packets?

    Thank you.

    I was wondering how I can make sure that the GRE IPsec tunnel really works? How can I troubleshoot it or trace packets?

    To verify that the VPN tunnel works well, check the output of
    show crypto isakmp sa
    show crypto ipsec sa

    Here are the debug commands:
    debug crypto condition peer x.x.x.x, where x.x.x.x = peer IP
    debug crypto isakmp 200
    debug crypto ipsec 200

    You will see ACTIVE in the first output and non-zero encaps and decaps in the output of the latter.

    For the GRE tunnel,
    check the state of the tunnel via "show ip int brief".

    In addition, you can configure keepalives via the commands:

    Router# configure terminal
    Router(config)# interface tunnel0
    Router(config-if)# keepalive 5 4

    and then run "debug tunnel keepalive" to see the tunnel keepalive packets going out from and coming in to the router.

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • GRE tunnel / IPsec VPN between a Cisco router and a Fortigate firewall

    Hello

    Can I do a GRE tunnel / IPsec VPN between a Cisco router and a Fortigate firewall?

    Thank you

    Hi zine,

    As long as the Fortigate device supports GRE over IPsec, you will be able to create the tunnel between these 2 devices.

    Here is the config for the Cisco Site:

    https://supportforums.Cisco.com/document/16066/how-configure-GRE-over-IPSec-tunnel-routers

    Happy holidays!

    -Randy-

  • Can an 1841 route between a GRE tunnel and an IPsec tunnel?

    Hello everyone!

    See the image below.

    Main office (10.0.1.0/24 LAN) and branch (10.0.2.0/24 LAN) are connected through the GRE tunnel.

    The third office (10.0.3.0/24) is attached to the second branch via IPsec.

    Is there a way to establish a connection between the third office and the main office through the Cisco 1841?

    Is it possible to do this with routing, perhaps with NAT?

    In fact we only need a connection to a single server in the main office.

    Thank you

    Hello

    It is possible to build this configuration.

    The IPsec connection between 10.0.3.x and 10.0.2.x should also encapsulate the traffic to the main office.

    Steps to follow:

    At the main office, route traffic for 10.0.3.x over the GRE tunnel.

    At the second office, add the 10.0.3.x - 10.0.1.x traffic selection to the IPsec ACL with the third office.

    At the third office, add the 10.0.3.x - 10.0.1.x traffic selection to the IPsec ACL with the second office.

    Please rate if this helped.

    Kind regards

    Daniel

  • Running two different GRE tunnels on 1: questions

    Hi all

    I'm having a problem implementing two separate tunnels running on a sole Discretion; is it possible?

    I would appreciate your advice.

    I am able to ping through tunnel 120 using the VRF, but as soon as I add tunnel 121 (not using a VRF) I can ping through the new tunnel 121 but cannot ping through the original tunnel 120.

    Setup context:

    R1 - Internet - R2

    R1

    !
    crypto keyring IPsec-KEY vrf Internet
     pre-shared-key address 0.0.0.0 0.0.0.0 key touches
    !
    crypto isakmp policy 1
     encr aes
     authentication pre-share
     group 2
     lifetime 28800
    !
    crypto isakmp invalid-spi-recovery
    crypto isakmp profile ISAKMP-profile
     keyring IPsec-KEY
     match identity address 0.0.0.0 Internet
    !
    crypto ipsec transform-set trans esp-aes esp-md5-hmac
     mode transport
    !
    crypto ipsec profile IPSEC-profile
     set security-association lifetime seconds 86400
     set transform-set trans
     set pfs group2
     set isakmp-profile ISAKMP-profile
    !
    !
    interface Tunnel120
     vrf forwarding mgmt
     bandwidth 256
     ip address 10.169.9.81 255.255.255.252
     ip mtu 1376
     ip tcp adjust-mss 1360
     tunnel source Loopback810
     tunnel destination xxx.xxx.xxx.xxx
     tunnel vrf Internet
     tunnel protection ipsec profile IPSEC-profile shared
    !

    R2 mirrors this config, but as soon as I add Tunnel121 with the following configuration I get connectivity to the 121.

    Tunnel 121 is configured as follows:

    interface Tunnel121
     ip address 10.190.12.249 255.255.255.252
     ip mtu 1376
     ip tcp adjust-mss 1360
     tunnel source Loopback810
     tunnel destination xxx.xxx.xxx.xxx
     tunnel vrf Internet
     tunnel protection ipsec profile IPSEC-profile shared
    !

    Please advise if I have made mistakes.

    Also let me know if you need more information on this.

    Thanks in advance,

    No, I mean the following:

    interface Tunnel120
     tunnel key 120

    interface Tunnel121
     tunnel key 121

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • Site-to-site VPN with a GRE tunnel on an ASA

    Hi all

    I have an ASA5500 series firewall and built a site-to-site VPN on it with my counterpart. Now my side wishes to receive multicast messages from the other side through a GRE tunnel over the site-to-site VPN that was built.

    I know that the ASA5500 series cannot act as a GRE tunnel endpoint. Do we need to add a Cisco router behind the firewall to receive the multicast messages? Or can we just let the GRE pass through the firewall to a computer or server?

    Thank you

    You are right that the ASA cannot terminate the GRE tunnel. You need a second device behind the ASA to do that. Usually a router is used for this. But it doesn't matter what type of device it is, as long as it supports GRE tunnels. So it could also be a Linux box or something like that. Personally, I'd use an IOS router for this.

    Sent from Cisco Technical Support iPad App

  • OSPF routing in a VRF with a GRE tunnel and ISAKMP

    Hello

    I'm trying to implement OSPF routing in a VRF using a GRE tunnel with ISAKMP encryption.

    Almost everything works fine:

    1. OSPF routing incl. VRF - perfect

    2. Distribution of OSPF routing using the GRE tunnel and VRF - perfect

    3. ISAKMP encryption - I think I've made one or several mistakes.

    In the attached file you will find the Excel sheet, which includes the router configurations and a sketch of the network.

    I would be very happy if someone could solve my problem or give me a hint.

    Thank you very much.

    Hi Kai,

    your keyring is not in the right VRF - note that there is a difference between the FVRF and the IVRF, see

    In your case, ISAKMP traffic is sent on / arrives on interface F0/1.10, so the FVRF is the global VRF, and therefore the keyring should be in the global VRF.

    In other words, replace this:

    crypto keyring Customer_10_Keyring vrf Customer_10

    with:

    crypto keyring Customer_10_Keyring

    BTW, the above document also has an example of how to use 'tunnel protection', so you no longer have to use a crypto map. Actually I'm not 100% sure whether GRE/IPsec with VRF is supported without using tunnel protection, so maybe try that if you still have problems.

    HTH

    Herbert

  • Satellite Pro L300 PSLB9E: 100Mbit instead of connecting to the network local 1000Mbit WinXP

    Downgraded to WinXP.
    Have downloaded all the drivers available from Toshiba support, but still cannot get the speed of 100Mbit connection. I guess it's an another downgrade of the bios needed to support the XP operating system?

    Hello

    Your laptop supports Ethernet 10/100 Base-TX.
    This means that the network card supports the standard of 10 Mbps and 100 Mbps.

    I don't know why you expect a higher speed, but 100 Mbps is the maximum for this Realtek 10/100 Base-TX LAN chip.

    Welcome them
