This caused headaches as it needed slightly different configuration to normal. ip mtu not being set here was the cause of things sort-of-but-not-quite-working.
Normally with Cisco to Cisco over IPSEC we’d add “ip tcp adjust mss-1392” to the Tunnel interfaces either side.
This is the config that worked in the end.
GRE Juniper router side ======================= interfaces { lo0 { unit 0 { family inet { address 192.168.255.1/32; } } } gr-1/1/10 { unit 2 { clear-dont-fragment-bit; description "-= Gre Tunnel to Remote Office =-"; tunnel { source 192.168.255.1; destination 192.168.255.2; } family inet { mtu 1400; address 10.0.0.2/30; } } } } routing-options static { route 192.168.255.2/32 next-hop [IPSEC FW Addr]; } } --------- GRE Cisco Side ============== interface Loopback1 description * Loopback for GRE Tunnel source/endpoint * ip address 192.168.255.2 255.255.255.255 interface Tunnel2 description * GRE Tunnel to Juniper GR-1/1/10.2 * ip address 10.0.0.1 255.255.255.252 ip mtu 1400 load-interval 30 tunnel source Loopback1 tunnel destination 192.168.255.1 hold-queue 2000 in hold-queue 2000 out ! Route GRE endpoint via IPSEC FW ip route 192.168.255.1 255.255.255.255 [IPSEC FW Addr]
Reference config for normal Cisco – Cisco.
interface Tunnel2 description * GRE Tunnel to Remote site int tunnel2 * bandwidth 2000 ip address 10.0.0.1 255.255.255.252 ip tcp adjust-mss 1392 load-interval 30 tunnel source Loopback1 tunnel destination 192.168.16.13 hold-queue 2000 in hold-queue 2000 out