cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1050
Views
0
Helpful
15
Replies

Connectivity Problem

sheerazkhatri
Level 1
Level 1

Hi all,

I have just finished configuring two sites over GRE tunnels. Configurations of the two sites are attached as well... My problem is that both the sites are accessing each other upto routing interface only... When I attach any machine on remote site and give the IP of pool 192.168.x.x... it never reaches there (ping timeout)... same is the case with the remote site... Remote site is accessing me on the pool 172.16.2.x but results in ping failure.. All the necessary routes are there.. gre tunnels is up.. I can ping GRE tunnel IPs as well but the problem persist.. Any help please.

Regards,

Sheeraz

15 Replies 15

lamav
Level 8
Level 8

Hi:

Can you display the output of a trace command and routing table for both routers?

Victor

Attached are the latest configurations of both ends.. I have removed unwanted information though. Thanks

Sheeraz

Sheeraz

In my post of May 24 I seem to have misunderstood which addresses were the LAN addresses that you are trying to reach. I think that I now understand that the LAN addresses are 172.16.2.0/24 and 192.168.0.0/24. Will you verify that this is correct?

Assuming that it is correct it now looks to me like the routing is set up correctly so that the LAN addresses should be reachable through the tunnel. Can you verify that from router LHR-BMW-SW-01 you can ping to 172.16.2.33? And assuming that it worked can you then try an extended ping and in the extended ping specify the same destination of 172.16.2.33 and specify the source address as 192.168.0.1?

And then can you verify that from router KHI-KOR-SW-A31-01 that you can ping to 192.168.0.1? And assuming that it worked can you then try an extended ping and in the extended ping specify the same destination address of 192.168.0.1 and specify the source address as 172.16.2.33?

These pings and extended pings will show whether the LAN of each router is reachable from a routing perspective. I think it is likely that the ping and extended ping will work. If it does work then it points to a possible problem that PCs on one side or the other do not have their default gateways configured correctly.

HTH

Rick

HTH

Rick

Rick,

You got the IP schemes correct now.... Actually LHR-BMW-SW-01 can ping and extended ping to all interface vlans of KHI-KOR-SW-A31-01... similarly KHI-KOR-SW-A31-01 can ping and extended ping all interfaces of LHR-BMW-SW-01.... Only when I try to ping PCs attached to those vlans, ping fails... I kept debugging and now thinking on the lines that it might be MTU size issue... The two sites are linked through Point to Point DSL link... So its likely that when a frame is received on any interface VLAN than because of IEEE 802.1Q tagging, the frame size might be increasing that the MTU....What do you think ?

I have gotten hold of ISP who is going to change MTU size today and will test it again... Will post the outcome. Thank you for all your replies.

Sheeraz

Sheeraz

Perhaps it is an MTU size issue and it might improve things to have the provider increase the MTU. But depending on how you do it, most ping packets are pretty small and are not likely to have MTU problems. I would suggest that you check the PCs and see what is configured as their default gateway.

HTH

Rick

HTH

Rick

Rick,

Finally my issue is resolved now. I didnt do much on the switch part as other GRE tunnels are working just fine...After loads of debugging, we found that the problem was in the modem providing WAN connectivity. It is supposed to stay in Bridging mode since GRE tunnels are created by the switches. It was in the routing mode thereby creating problem. Thank you for all the help.

Sheeraz

Stephen Berk
Level 1
Level 1

Tunnel mode encapsulation mismatch perhaps? Looks like you have GRE on one and IPIP on the other.

Steve

Since Sheeraz says that he can ping the GRE tunnel interface address I believe that the GRE tunnels are working and encapsulation mismatch is probably not the issue (though I agree that it looks suspicious).

I believe that the issue is simple routing. Router LHR-BMW-SW-01 has VLAN subnet of 192.168.1.0/24. Router

KHI-KOR-SW-A31-01 does not have a route for that subnet. It does have a route for 192.168.0.0/24 pointing through the tunnel. But not for 192.168.1.0. I believe that attempts to get to 192.168.1.0 are routed out the default route of ip route 0.0.0.0 0.0.0.0 172.16.0.25. And I suspect that going to 172.16.0.25 does not get to the right place, and would certainly not be encapsulated in GRE.

HTH

Rick

HTH

Rick

Thank you very much for the replies... I have attached the updated configuration that include the routing tables as well...I have corrected the interface vlan 1 IP address as well ... But still no results. Router LHR-BMW-SW-01 can ping all the interface vlan address of KHI-KOR-SW-A31-01 but it cannot ping any host addresses attached to those vlans... similarly 192.168.0.1 I can ping from KHI-KOR-SW-A31-01 but not the other host addresses .2, .3, .4 etc... No ACL as well. Any further suggestions Please.

Sheeraz

Sheeraz

I believe that there is still a basic routing problem here. On router KHI-KOR-SW-A31-01 the LAN subnet is 10.0.136.128/29. on router LHR-BMW-SW-01 you do have a static route for that subnet as:

S 10.0.136.128 [1/0] via 10.1.15.241

but that next hop address is through the FastEthernet interface rather than through the tunnel.

C 10.1.15.240 is directly connected, FastEthernet0/1

Fix this routing issue so that the next hop is through the tunnel and let us know what happens.

HTH

Rick

HTH

Rick

Thank you for replying Rick.. I did what you suggested.. I changed the static route through tunnel... also changed the tunnel source from IP to interface fastEthernet but no results.... I can still ping all the vlan interfaces of the KHI-KOR-SW-A31-01 but cannot go beyond that.. same is true for the other side. Any further suggestions please.

Sheeraz

Sheeraz

To help us understand the current state of this problem please post the current configs of both routers and also post the output of show ip route from both routers.

HTH

Rick

HTH

Rick

As i find the following should be lan ip's on either segments.Pls clarify if its otherwise.

KHI-KOR-SW-A31-01:: lan 172.16.2.0 255.255.255.0

LHR-BMW-SW-01:: lan 192.168.0.1 255.255.255.0

Pls change the config to the above & post us the results.

Karachi- KHI-KOR-SW-A31-01

-----------------------------

int tu1

description **** Tunnel to PSC LHR ****

tunnel source Fa0/9

tunnel destination 10.1.15.242

ip route 0.0.0.0 0.0.0.0 172.16.0.25

ip route 192.168.0.0 255.255.255.0 tu1

++++++++++++++

LHR - LHR-BMW-SW-01

-----------------------

int tu1

description ***** Tunnel to PSC KHI *****

tunnel source fa0/1

tunnel destination 10.0.136.130

ip route 0.0.0.0 0.0.0.0 203.23.233.23

ip route 172.16.2.0 255.255.255.0 tu1

Also, u can use unnumbered interface command on both tunnel interfaces instead of exclusive

ip's.Am not sure why the other 1 route is present in both the configs.& dont specify tunnel modes explicitly.

Pls change the config to the above & post us the results, with the other minute details being the same.

Rate if this helps!!!

michael.leblanc
Level 4
Level 4

Do you have ACLs applied to the internal interfaces?

If so, apply inspection on the Tunnel interfaces to facilitate the returning traffic (ping reply, etc.).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco