ICMP/GRE

Unanswered Question

I have found that in our GRE DSL environment, client workstations cannot perform a ping or a traceroute from their DOS prompts to internal Domain controller servers going over a GRE tunnel. The resources are available to them; however, they cannot run the ping. Clients receive an "unresponsive" message. I have verified that there are no ACLs blocking the ICMP request. Wanted to know if anyone else out there may be experiencing this. Thanks.

Richard Burts Fri, 10/26/2007 - 08:45

Mark


I have not seen that symptom before. Are there access lists applied on the GRE tunnel interfaces? If so could you post them?


HTH


Rick

Richard Burts Fri, 10/26/2007 - 12:17

Mark


OK, let's try a slightly different approach. First, can you confirm that other end stations are able to ping and traceroute to the Domain controller (verify that the Domain controller is not rejecting the traffic)?


Second, if an end station does a traceroute, how far do you see the responses going?


HTH


Rick

Rick,


I have confirmed that other end stations in the same Service Center where the GRE tunnel is implemented all have the same problem. On the traceroute, the path goes to the peer address of the other end of the tunnel, that being the host VPN router back at Corp, and then it drops off. That output is straight off of the client cmd prompt. When I test from my local LAN connection on my machine outside of any GRE VPN tunnel configuration, I can ping the DC just fine. I think this may have something to do with the encapsulation going through the VPN tunnel. What do you think?
