GRE Tunnel Not coming up

Unanswered Question
Feb 2nd, 2009

Hi Friends,


I have a strange issue with a simple GRE tunnel. There is a tunnel configured between Downstream and Headquarters. However, the tunnel is showing down even though all the configurations are in place. Config details are attached. We have confirmed that the tunnel destinations, tunnel source and the static route are all in place. One strange thing we find is that while doing the debug for keepalives, the routers only seem to be sending keepalives, but do not seem to receive them. We have removed and reapplied the tunnel config and reloaded the router. Any suggestions on this are highly appreciated. Thanks in advance.



Giuseppe Larosa Mon, 02/02/2009 - 06:03

Hello Manoj,

there is no bidirectional IP connectivity between the two ip addresses in use or some device in the middle like a firewall is filtering one side of communication.


try to perform an extended ping using the same IP addresses that are used as GRE endpoints


if this doesn't work the tunnel cannot come up.

By using the keepalive on GRE tunnel the tunnel state is conditioned on the correct sending and receiving of GRE keepalives.


Be aware that this is a feature that was added later to IOS so it is also possible that one of the two devices is not able to send GRE keepalives correctly.


Perform the basic checks I suggested above.


Hope to help

Giuseppe


gojericho0 Mon, 02/02/2009 - 10:50

I noticed as well, but not sure if it would affect the tunnel from establishing...


The SNM on tunnels are not the same on both routers

Richard Burts Mon, 02/02/2009 - 11:20

Manoj


I agree with Giuseppe that the most likely cause of the problem is that the GRE packets are not making it through to the other peer. I notice that each router has some number greater than zero in the packets sent but has zero in the packets received.


I also notice a mismatch in the configurations. On the downstream router you have the subnet mask as /24:

ip address 192.168.3.1 255.255.255.0

but on the headquarters router the mask is /30:

ip address 192.168.3.2 255.255.255.252


I am not sure that this would cause the problem that you are expecting, but it is something that should be cleaned up.


HTH


Rick

Manoj Wadhwa Mon, 02/02/2009 - 22:02

Hi Friends,


1. The subnet mask is not an issue. I noticed it earlier as well and changed it to /24 at both ends. It still does not work.


2. The end-to-end ping test is a challenge because some ISPs don't allow ping/tracert. I have a few other downstream sites in which the setup is working fine. But end-to-end ping still fails even though there is no access list configured at our end.


Are there any other debugs that can help us drill down still further? Thanks!


Best Regards,

Manoj

Giuseppe Larosa Mon, 02/02/2009 - 23:30

Hello Manoj,

if you cannot test with ping and traceroute you cannot understand if there is a connectivity problem.


I would do the following:

disable GRE keepalive on both ends


assign a private ip address loopback on each side


example

interface Loopback14

ip address 10.0.0.14 255.255.255.255


from other router add a static route

ip route 10.0.0.14 255.255.255.255 tunnel X


do the same on the opposite node:

add a loopback here

from first node add a static route


Now you can ping from loopback to loopback traffic is encapsulated in GRE.


if you still cannot receive the ICMP packets with source and destination the loopbacks you can say that there is no connectivity.

Otherwise one of the two routers doesn't support GRE keepalive correctly


Hope to help

Giuseppe




m.scafidi Wed, 02/25/2009 - 04:07

Hi all..


I'm finding about the same problem in a simpler environment (configs attached):

I have two routers (Tunnel-1 and Tunnel-2) connected through a third one (Center) and I'm trying to build a GRE tunnel from a loopback interface on Tunnel-1 to a loopback interface on Tunnel-2 (I already tried using physical interfaces).


Static routes on the 3 routers make tunnel sources and destinations reachable from each other.


Without configuring keepalives the tunnel comes up but it's not working (tunnel interfaces don't ping each other and I can't ping, for example, interface Tunnel-1 GigabitEthernet0/1.1 from Tunnel-2).


After configuring keepalives the tunnel goes down. I have the same output as Manoj when debugging the tunnel on both ends.


The routers are two Cisco 1841 and a 3825 with the latest Advanced Enterprise IOS..


any suggestions? thanks all


Marco



Richard Burts Wed, 02/25/2009 - 05:12

Marco


I have looked through your configs. One of the things that I notice is that there is a mismatch in the tunnel configuration about source and destination address. On tunnel-1 the tunnel destination is 192.168.253.253 but on tunnel-2 the source address is 192.168.200.200 where to be consistent with tunnel-1 I would expect 192.168.253.253.


I suggest that you revise the configs and make the source-destination match between the routers so that what one router configures as the destination is the source on the other router. Give this a try and let us know if it works better.


HTH


Rick
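
The two mismatches raised in this thread (tunnel destination not mirroring the peer's tunnel source, and different masks on the two tunnel interfaces) can be checked mechanically before a config is applied. The following is an added example, not part of any poster's reply and not the attached configs: `parse`, `endpoint` and `check_pair` are hypothetical helpers, and the sample configs are constructed from the addresses quoted in the thread plus made-up values where the thread gives none.

```python
import ipaddress
import re

# Constructed sample configs. Tunnel addresses/masks and the 192.168.253.253 /
# 192.168.200.200 pair are quoted in the thread; 192.168.100.100 is made up.
TUNNEL_1 = """\
interface Loopback0
 ip address 192.168.100.100 255.255.255.255
interface Tunnel0
 ip address 192.168.3.1 255.255.255.0
 tunnel source Loopback0
 tunnel destination 192.168.253.253
"""
TUNNEL_2 = """\
interface Loopback0
 ip address 192.168.200.200 255.255.255.255
interface Tunnel0
 ip address 192.168.3.2 255.255.255.252
 tunnel source 192.168.200.200
 tunnel destination 192.168.100.100
"""

def parse(config):
    """Return {interface: {"ip": IPv4Interface, "source": str, "destination": str}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = interfaces.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"\s+ip address (\S+) (\S+)$", line)):
            current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current is not None and (m := re.match(r"\s+tunnel (source|destination) (\S+)", line)):
            current[m.group(1)] = m.group(2)
    return interfaces

def endpoint(interfaces, tunnel, key):
    value = interfaces[tunnel].get(key)  # either an IP or an interface name
    return str(interfaces[value]["ip"].ip) if value in interfaces else value

def check_pair(cfg_a, cfg_b, tunnel="Tunnel0"):
    """List mismatches between the two ends of one GRE tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for x, y, names in ((a, b, "A->B"), (b, a, "B->A")):
        dst, src = endpoint(x, tunnel, "destination"), endpoint(y, tunnel, "source")
        if dst != src:
            problems.append(f"{names}: destination {dst} != peer source {src}")
    if a[tunnel]["ip"].network != b[tunnel]["ip"].network:
        problems.append(f"tunnel subnets differ: {a[tunnel]['ip']} vs {b[tunnel]['ip']}")
    return problems
```

`check_pair(TUNNEL_1, TUNNEL_2)` reports both the source/destination mismatch and the /24 versus /30 mismatch; it returns an empty list once each router's destination is the other router's source and the masks agree.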

m.scafidi Wed, 02/25/2009 - 06:14

Hi Rick


now it's all working!! thanks a lot!


Marco
