This caused headaches as it needed slightly different configuration to normal. ip mtu not being set here was the cause of things sort-of-but-not-quite-working.
Normally with Cisco to Cisco over IPSEC we’d add “ip tcp adjust mss-1392” to the Tunnel interfaces either side.
This is the config that worked in the end.
GRE Juniper router side
=======================
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.255.1/32;
}
}
}
gr-1/1/10 {
unit 2 {
clear-dont-fragment-bit;
description "-= Gre Tunnel to Remote Office =-";
tunnel {
source 192.168.255.1;
destination 192.168.255.2;
}
family inet {
mtu 1400;
address 10.0.0.2/30;
}
}
}
}
routing-options
static {
route 192.168.255.2/32 next-hop [IPSEC FW Addr];
}
}
---------
GRE Cisco Side
==============
interface Loopback1
description * Loopback for GRE Tunnel source/endpoint *
ip address 192.168.255.2 255.255.255.255
interface Tunnel2
description * GRE Tunnel to Juniper GR-1/1/10.2 *
ip address 10.0.0.1 255.255.255.252
ip mtu 1400
load-interval 30
tunnel source Loopback1
tunnel destination 192.168.255.1
hold-queue 2000 in
hold-queue 2000 out
! Route GRE endpoint via IPSEC FW
ip route 192.168.255.1 255.255.255.255 [IPSEC FW Addr]
Reference config for normal Cisco – Cisco.
interface Tunnel2 description * GRE Tunnel to Remote site int tunnel2 * bandwidth 2000 ip address 10.0.0.1 255.255.255.252 ip tcp adjust-mss 1392 load-interval 30 tunnel source Loopback1 tunnel destination 192.168.16.13 hold-queue 2000 in hold-queue 2000 out