In this article we will configure GRE/IPsec tunnels. They are used when you want to run routing protocols across a VPN connection. This article is useful for CCNP (ISCW) and CCSP studies.

First we will create our ISAKMP Policy, then create a key and associate it with a peer. Next we build our Transform Set, then the ACL matching the traffic to be encrypted, followed by the Crypto Map and, finally, the Tunnel interface configuration.

Here’s our ISAKMP Policy:

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5

We set the encryption to AES with a 256-bit key, use pre-shared key authentication, and select Diffie-Hellman Group 5.

Next we create a key and associate it with a peer:

crypto isakmp key Sup3rS3cr3tK3y address <peer-ip>

Now we build the Transform Set:

crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac

Next we make our ACL:

ip access-list extended GRE_IPSEC_TRAFFIC
 permit gre host <local-ip> host <peer-ip>

This matches GRE traffic from our own address (the source) to our peer's address (the destination).
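
Both ends of the tunnel have to agree on the pieces configured so far: the same ISAKMP policy and key, a key bound to the other side's address, and ACLs that mirror each other. The following Python check is an added example, not part of the original article; the addresses 192.0.2.1 and 198.51.100.1, the sample configurations and the function names are assumptions made for illustration.

```python
import re

def sample_config(local, peer, group=5, key="Sup3rS3cr3tK3y"):
    """Constructed sample: the article's commands with documentation addresses."""
    return (f"crypto isakmp policy 10\n encr aes 256\n authentication pre-share\n"
            f" group {group}\ncrypto isakmp key {key} address {peer}\n"
            f"ip access-list extended GRE_IPSEC_TRAFFIC\n"
            f" permit gre host {local} host {peer}\n")

def parse(cfg):
    """Extract the ISAKMP policy lines, the key/peer binding and the GRE ACL entry."""
    out, section = {"policy": set(), "key": None, "acl": None}, ""
    for line in cfg.splitlines():
        if not line.startswith(" "):            # a top-level command opens a section
            section = line.strip()
            m = re.match(r"crypto isakmp key\s+(\S+)\s+address\s+(\S+)", section)
            if m:
                out["key"] = m.groups()         # (key, peer address)
        elif section.startswith("crypto isakmp policy"):
            out["policy"].add(line.strip())
        elif section.startswith("ip access-list extended"):
            m = re.match(r"permit gre host (\S+) host (\S+)", line.strip())
            if m:
                out["acl"] = m.groups()         # (source, destination)
    return out

def check_pair(cfg_a, cfg_b):
    """Return the mismatches between the two ends (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    for name, side in (("A", a), ("B", b)):
        if not side["key"] or not side["acl"]:
            return [f"router {name}: key or GRE ACL entry not found"]
    problems = []
    if a["policy"] != b["policy"]:              # single-policy comparison, as in the article
        diff = ", ".join(sorted(a["policy"] ^ b["policy"]))
        problems.append(f"ISAKMP policy differs: {diff}")
    if a["key"][0] != b["key"][0]:              # never echo the key itself
        problems.append("pre-shared keys differ")
    if a["acl"] != b["acl"][::-1]:
        problems.append("ACLs are not mirror images")
    for name, side in (("A", a), ("B", b)):
        if side["key"][1] != side["acl"][1]:
            problems.append(f"router {name}: key peer {side['key'][1]} != ACL destination {side['acl'][1]}")
    return problems

if __name__ == "__main__":
    a = sample_config("192.0.2.1", "198.51.100.1")
    b = sample_config("198.51.100.1", "192.0.2.1", group=2)
    print(check_pair(a, b) or "consistent")
```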