cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
727
Views
0
Helpful
13
Replies

GRE tunnel problem

mohammady
Level 1
Level 1

I have applied the below confgs on two remote cisco routers connected to internet,the tunnel status is up up but I cant ping the tunnel ip address,what might be the problem??

Router1:

int tunnel 1

tunnel source s0/0

tunnel destination x.x.x.x (f0/0 of R2)

Router2:

int tunnel 1

tunnel source f0/0 (real ip)

tunnel dest x.x.x.x (s0/0 of R1)

Thanks

13 Replies 13

Marwan ALshawi
VIP Alumni
VIP Alumni

do u have routing protocol configured?

have u included the tunel interfaces in ur routing

also put the tunnel mode

god luck

I dont have routing protocol also I use the default tunnel mode

You need to have a valid route for the tunnel destination in the routing tables for it to come up try:-

HTH>

the tunnel stat is up up but I cant ping the other end??for the route I have a default route on both routers.....

OK - what is the topology between the 2 devices?

the two routers connected to service provider routers (internet connection)

Are there any other devices in between the routers - firewalls, VPN's etc??

really I dont know ,it is the service provider network>>>how can I make sure that the tunnel is working properly....???

To be honest - you need to know this.

As you will be using RFC1918 internal IP addresses. So you will NAT or your provider might NAT for you - you need a routable source and destination for the tunnel to work. You also need to know if there any devices in between the connection between the 2 sites that could be blocking the runnel. What is the connection to the internet?? MPLS? Frame-Relay? ADSL ??

Right now you don't have enought information - you need to do some digging.

HTH>

one of them has dedicated E1 connection and the other one connected to a second router in possession of our service provider and then to internet...

R1--->E1

R2--->service provider Router --->internet

The issue will either be - a NAT problem or a device at either end or both ends it blocking protocol 47 - GRE, or a routing issue

Check your NAT and filtering rules, and your routing.

HTH>

the tunnel stat is up up >>>what this implies??

it implies nothing really, only the interface that is the source is know and up/up and that the router has a valid "live" route in it's routing table for the destination.

Just for you - configure your end with the following:-

int tun1

keepalive 1 3

Then close the tunnel and re-open it....does it come back up/up ????

At the end of the day you can trick a tunnel into being up/up if you have the time and a spare router with 1 ethernet interface do this:-

do not connect any cables to the ethernet interface.

Give the interface an ip address of 192.168.1.1/24

create a tunnel 1

tunnel source <>

tunnel destination 192.168.2.1

ip route 192.168.2.1 255.255.255.255 <>

and here is the magic - in the ethernet interface configure "no keepalive" this tricks the interface to come up/up - the there wiull be a connected interface in the routing table of 192.168.1.0/24

As you have a configured static route 192.168.2.1 out of the ethernet interface - there will be a static route in the routing table. As the tunnel can see a valid route - without keepalives, it will bring the tunnel up!

Try it out - great fun.

Your issue is still the path from 1 site to the other site and going over the internet I presume, you have nat issues, blocking issues or just plain connectivity/routing issues.

HTH>

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: