Traffic not going through GRE Tunnel without manually shut and no shut

Unanswered Question
Jan 27th, 2009

Hi Guys,

i Have one 2851 router at one of our Customer HO which is connected to remote locations through Lease line via GRE Tunnel. HO has two connectivities. Primary through Lease Line and Secondary through Metro Ethernet. We have configured two GRE Tunnel taking source as both different Media i.e for primary tunnel source - one /30 block routed only towards Lease line by ISP and for secondary tunnel different /30 block routed towards backup Metro ethernet link.

Problem we are facing is , as we make Lease line down , All primary tunnels goes down ,traffic shift to backup tunnels and locations starts working and later if primary link cames up then primary tunnel cames up we are able to ping tunnel source and destination both from HO router and location router but we are not able to ping Tunnel ip address at other end

HO end

int tun 0

ip add

tunnel source x.x.x.x

tunnel destination y.y.y.y

remote end

int tun 0

ip add

tunnel source y.y.y.y

tunnel destination x.x.x.x

we are able to ping x.x.x.x taking source y.y.y.y but not able to ping from HO router and not able to ping from remote loc. router.

Customer Router is Cisco 2851.

Tunnels are configured with Keepalives to make auto failover from primary tunnels to secondary tunnels

Please suggest is this a problem with router IOS or what.


Rahul Verma

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Tue, 01/27/2009 - 11:21

Hello Rahul,

you should provide some more information on how you use the GRE tunnels:

Have you got a routing protocol running over them ?

The only problem after restore is limited to tunnel ip addresses and user traffic flows correctly on primary link or you face an out of service for user traffic too ?

Depending on the way you use the tunnels if different routing protocols are involved for example BGP and one IGP there can be a problem during the restore phase that you are fixing with the shut/no shut cycle

you need to verify in the routing table how you reach GRE endpoints during:

normal condition

during failure

after restore but before sh/no sh cycle

if you like you can post a filtered version of interesting parts of your configuration and the show commands described above


I see you mention you are using GRE keepalives as a way to track GRE states so I suppose you are using floating static routes.

Hope to help


rahul-verma Wed, 01/28/2009 - 12:06


This Connectivity is like

HO has two links

1. Primary 2Mbps LL Link through PoP A. All Primary tunnels - Tunnel Destination IP Address is routed towards this link.

2. Secondary Metro Ethernet Backup link to PoP B. All Secondary Tunnel's -- Tunnel destination IP Address is routed towards this Sec. Backup link.

During normal functioning , Both Primary & Secondary tunnels remain up.

Static Routing is configured only on customer

ip route x.x.x.x Location -- Primary Tunnel

ip route x.x.x.x Location - Sec Tunnel 100

When primary link goes down, all primary tunnels to locations goes down as keepalives is configured ,which this router stops receiving.

However, Some backup secondary tunnels shows down during this time. Tunnel ip address at other end is not pingable.No traffic going through Tunnel. However, Tunnel destionation is pingable taking source as Tunnel Source IP Address.We have to go to config mode then manually shut and no shut to make traffic flow working through Secondary tunnel.

This is Cisco 2851 Router.

IOS = c2800nm-advipservicesk9-mz.124-20.T1.bin

interface Tunnel103

description *** Primary Tunnel****

ip address

ip mtu 1500

ip nat outside

no ip virtual-reassembly

keepalive 10 3

tunnel source Loopback1

tunnel destination


Protocol [ip]:

Target IP address:

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of 10.65..x.x

Success rate is 100 percent (5/5), round-trip min/avg/max = 80/112/160 ms


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

ROUTER#sh conf



Danilo Dy Tue, 01/27/2009 - 22:19

I wonder why you configure GRE Tunnel for a Leased Line and MetroE (unless MetroE is point-to-multipoint but Leased Line is point-to-point)


This Discussion