Re: GRE over IPSEC

Rafal_Oracz · ‎2024-08-27

Hi,

Has anyone managed to build GRE through an IPSEC tunnel?

I tried both: domain and route based IPSEC.

All I can achive is GRE traffic seen within vpnt interface, but it seems to blackhole traffic since I cant see any IPSEC traffic going out the gateway.

If it is possible, I prefer domain based IPSEC but it seems that gateway has problem with redirecting its own GRE traffic to IPSEC tunnel.

the_rock · ‎2024-08-27

Last time I got it working was back in R76, have not tried it after that. Not sure if things changed drastically since then when it comes to GRE, but what is the drop if you see any? Is there specific log?

Its 100% supported, so I would certainly check things I mentioned.

Andy

https://community.checkpoint.com/t5/Security-Gateways/GRE-Tunnel/td-p/64838

Lesley · ‎2024-08-27

https://support.checkpoint.com/results/sk/sk90060

-------
If you like this post please give a thumbs up(kudo)! 🙂

CheckPointerXL

i had to configure a new FW, one to perform GRE, the other one IPSEC

spent lot of weeks but it seems not possible with one FW to perform both operations

PhoneBoy

It should be noted that GRE traffic, especially originating from the gateway itself, is not SecureXL friendly.
It will always go slowpath/F2F.

Chris_Atkinson

Why would you want GRE+IPSec if you have native route based VPN, is it some use case involving multicast?

CCSM R77/R80/ELITE

Rafal_Oracz

Thanks all of you for answers.

Suddenly it started to work when I tried to swtich to route based VPN, but finnaly it works on default domain based VPN.
This configuration is needed to connect to mobile Private APN.

Are you a member of CheckMates?

GRE over IPSEC