# Secure GRE Tunnel ###### tags: `cisco` `gre` Steps for creating secure GRE tunnel in cisco routers. Following shows the steps and related commands used for each step to configure secure GRE tunel. ``` --------------------------------------------------- 1. configure GRE tunnel --------------------------------------------------- #interface tunne <number> #tunnel source <outside interface/IP> #tunnel destination <remote end IP> #ip address tunnel <interface IP> --------------------------------------------------- 2. configure IKE policy and pre-shared key --------------------------------------------------- #crypto isakmp enable #crypto isakmp policy #authentication <pre-share | rsa-sig | rsa-encr(pre-share)> #encryption <des | 3des> #hash <sha | md5> #group <1 | 2> #lifetime <seconds> #crypto isakmp key <keystring> address <peer-address> --------------------------------------------------- 3. ipsec transform sets (maybe also configure lifetime or leave it as default) --------------------------------------------------- #crypto ipsec transform-set <xauthransform | reomte> <esp-des> <esp-md5-hmac> #crypto ipsec secrity-association lifetime seconds <seconds> --------------------------------------------------- 4. define traffic ACL --------------------------------------------------- #access list <number ID> permit ip <source network IP> <wildcard mask> <destination network IP> <wildcard mask> --------------------------------------------------- 5. create, apply crypto maps --------------------------------------------------- #crypto map <map name> <sequencial number> ipsec-isakmp #match address <access list ID> #set peer <hostname | ip-address> #set pfs <group1 | group2> #set transform-set <transform-set-name1 ...transform-set-name#> #set security-association lifetime second <seconds> #interface <interface name for apply crypto map(tunnel #)> #crypto map <map name> ```