Need help getting a point to point GRE tunnel set up for Internet traffic

Apr 2nd, 2009

I am attempting to get a point to point GRE tunnel set up for backup internet access. Here is some background information on what I am trying to do (if it is even possible):


We have a server co-location that will let us use their internet POP for a backup internet solution from our Corp HQ via fiber. Both locations are physically separated. What I want to do is create a point to point tunnel that will start at the co-location and terminate on an interface on a UTM firewall device at HQ. So far I have not had much luck getting this to work. Here are the tunnel and route configurations from both sides:


CORP HQ:

interface Tunnel1
 description Tunnel to Tierpoint for Internet
 ip address 10.0.0.5 255.255.255.252
 keepalive 5 4
 tunnel source 10.92.0.2 <-- IP address of the UTM firewall
 tunnel destination 66.45.*.* <-- IP of the outside address at the co-location

interface Loopback1
 ip address 10.0.0.1 255.255.255.255

interface Vlan92
 description Backup Internet
 ip address 10.92.0.1 255.255.255.248

ip route 66.45.*.* 255.255.255.255 172.16.6.242 <-- Next hop address at the co-location


CO-LOCATION:

interface Tunnel1
 description Tunnel to Corp for Internet
 ip address 10.0.0.6 255.255.255.252
 keepalive 5 4
 tunnel source 66.45.*.* <-- Outside internet address
 tunnel destination 10.92.0.2 <-- IP on the UTM firewall

interface Loopback1
 ip address 10.0.0.2 255.255.255.255

interface Vlan2
 ip address 66.45.*.* 255.255.255.224 <-- Outside internet IP interface

ip route 0.0.0.0 0.0.0.0 66.45.170.193 <-- Next hop IP for the default route
ip route 10.92.0.0 255.255.255.248 172.16.6.241 <-- Next hop IP at HQ


If there is a way to get this to work, I would really appreciate any help. If there is a better way than this, I am all ears!


Thanks!


Richard Burts Thu, 04/02/2009 - 16:46
Erik


I believe that what you are attempting to do will not work. A GRE tunnel should have the source address as an address on the router. You are attempting to create a GRE tunnel whose source address is an address on the firewall. I do not believe that the router can encapsulate a packet for the GRE with a source address that is not on the router.


I am not clear why you want to use the firewall address as the source address. It is almost like you want the tunnel to terminate on the firewall. But I doubt that the firewall will support terminating the tunnel. If you make the source address 10.90.0.1 I believe that the tunnel could work - assuming that the firewall will allow tunneled traffic through.


HTH


Rick
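
The condition raised in the reply above (a GRE tunnel source has to be an address or interface that exists on the router itself) can be checked mechanically before a config is deployed. The following Python sketch is an added example, not part of the original thread and not Cisco tooling; the function names are hypothetical, and the sample config is constructed from the HQ config in the question with the redacted 66.45.*.* address replaced by the documentation address 203.0.113.10.

```python
import ipaddress
import re

# Constructed sample: the HQ router config from the question, annotations dropped,
# redacted 66.45.*.* replaced by the documentation address 203.0.113.10.
HQ_CONFIG = """\
interface Tunnel1
 description Tunnel to Tierpoint for Internet
 ip address 10.0.0.5 255.255.255.252
 keepalive 5 4
 tunnel source 10.92.0.2
 tunnel destination 203.0.113.10
interface Loopback1
 ip address 10.0.0.1 255.255.255.255
interface Vlan92
 description Backup Internet
 ip address 10.92.0.1 255.255.255.248
"""

def parse_interfaces(config):
    """Return {interface name: {"ip": IPv4Interface, "source": str, "destination": str}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), {})
        elif current is None:
            continue  # global command before any interface block
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"tunnel (source|destination) (\S+)$", line):
            current[m.group(1)] = m.group(2)
    return interfaces

def check_tunnel_sources(config):
    """List tunnels whose source is neither a local interface name nor a local address."""
    interfaces = parse_interfaces(config)
    local_ips = {str(i["ip"].ip) for i in interfaces.values() if "ip" in i}
    findings = []
    for name, intf in interfaces.items():
        src = intf.get("source")
        if src is None or src in interfaces or src in local_ips:
            continue  # not a tunnel, or the source is owned by this router
        findings.append(f"{name}: tunnel source {src} is not an address on this router")
    return findings

if __name__ == "__main__":
    for finding in check_tunnel_sources(HQ_CONFIG):
        print(finding)
```
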
