GRE tunnel

Unanswered Question
Apr 18th, 2007
User Badges:

I am trying to configure an encrypted GRE tunnel between two routers connected via DSL. The tunnel interfaces are up up on both routers. I am not able to reliably PING the tunnel interface on the main router while I am connected to that router. I can?t figure out what is going on.

The router shows the tunnels IP address is directly connected. Why can?t I PING this address reliably?

Thanks,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Wed, 04/18/2007 - 08:14
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Chris


There may be several things which could be the reason for this. First I think is the fact that depending on how you configure the tunnel (whether you specify GRE keepalive or not) the default is for the GRE tunnel to show as up/up as long as the router has a viable route to the tunnel destination. So a GRE tunnel up/up does not necessarily mean that it is passing traffic.


Second is that with point to point interfaces when you ping the local interface the router will actually send the ping packet out the interface and over the link so that the neighbor receives the ping request and forwards it back (and a similar process for the response). So pinging your own interface is more complicated than it is for something like Ethernet.


I am not clear when you say that "I am not able to reliably PING the tunnel interface" whether means that sometimes it works and sometimes not or does it mean that you can not ping it at all? I believe that the approach to troubleshooting will depend on whether it is sometimes working or never working.


HTH


Rick

minumathur Wed, 04/18/2007 - 08:26
User Badges:
  • Bronze, 100 points or more

Hi


Following things need to be check


1) Configure Keepalive both side same

2) check the routing

3) perform traceroute/ping for fault resolution.


i think this will help you out. please rate this post.


-Minu

mohammedmahmoud Wed, 04/18/2007 - 08:32
User Badges:
  • Green, 3000 points or more

Hi there,


By default GRE tunnel keepalive is disabled, accordingly it seems that the tunnel is illusionary UP/UP (as long as the tunnel destination is reachable in the routing table) and thats why you cant ping, so kindly enable keepalives and we shall see the case.


HTH,

Mohammed Mahmoud.


chris.damore Wed, 04/18/2007 - 10:02
User Badges:

After I added "keepalive 3 3" to both tunnel interfaces, the interfaces went up down.

Please see attachment for config.

Thanks,

Chris



Attachment: 
mohammedmahmoud Wed, 04/18/2007 - 10:12
User Badges:
  • Green, 3000 points or more


Hi Chris,


Can you ping the tunnel destinations from the opposite ends.


BR,

Mohammed Mahmoud.

chris.damore Wed, 04/18/2007 - 11:06
User Badges:

I am not able to PING the tunnel destinations.

Are my routes correct in the attachments I posted before?

Thanks,

Chris

Harold Ritter Wed, 04/18/2007 - 11:17
User Badges:
  • Cisco Employee,

The static routes appear to be correct as such but it is hard to determine what the issue is without knowing how many hops are in between the two routers and how they are configured.


Hope this helps,

chris.damore Wed, 04/18/2007 - 11:28
User Badges:

I am not able to PING the default gateway for the Manchester location from the manchester router.

mohammedmahmoud Wed, 04/18/2007 - 11:53
User Badges:
  • Green, 3000 points or more

Hi Chris,


It seems that you have a routing problem between the 2 routers and accordingly the tunnel can't get up, you'll need to traceroute from both ends to find out where is the routing broken and fix this problem.


HTH,

Mohammed Mahmoud.

Richard Burts Wed, 04/18/2007 - 18:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Chris


If you are not able to ping the default gateway that would be the place to start troubleshooting. I would suggest to check for physical connectivity issues first. Assuming that physical connectivity looks ok then I would probably see if cdp is enabled (from the configs you posted it should be) and if so does the router see the gateway as a cdp neighbor. It would also be helpful to check the ARP table and verify whether the router has an ARP entry for the gateway address.


HTH


Rick

Richard Burts Wed, 04/18/2007 - 11:37
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Chris


As Harold points out the partial configs that you posted are internally consistent and look ok. For example the static route:

ip route 216.41.92.158 255.255.255.255 155.212.77.193

correctly defines the destination address and defines a next hop that appears to be in the subnet of a physical interface. So it looks good to us. There is no way for us to know whether 155.212.77.193 has a route to 216.41.92.158. From the behavior I am guessing that it does not. Can you verify this?


HTH


Rick

Harold Ritter Wed, 04/18/2007 - 10:16
User Badges:
  • Cisco Employee,

Try troubleshooting basic IP connectivity between the tunnel endpoints using extended ping.


Hope this helps,

Wilson Samuel Thu, 04/19/2007 - 11:19
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Mobile User, July 2015

Hi,


Agree with Hritter, why don't you do a tracert (extended would be much better) and paste the output so that we may know where exactly the packet is dropping and why.


Regards

chris.damore Thu, 04/19/2007 - 12:52
User Badges:

This issue has been resolved. The provider had to make some changes on their side.

Thanks for all of everyone help!!!!!

Actions

This Discussion