Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
11
Replies

GRE Tunnels

Go to solution
usuario0001
Level 1
Level 1

‎06-21-2009 11:43 PM

I have a Cisco 2811 Router configurated with a GRE tunnel, and I want to add another tunnel to other remote site. This is the configuration of the first tunnel:

interface Tunnel1

ip address 10.1.1.1 255.255.255.252

ip access-group 10 out

ip nat inside

ip virtual-reassembly

keepalive 10 3

tunnel source Vlan1

tunnel destination xxx.xxx.xxx.xxx

crypto map IPSEC_VPN

I have some doubts about what subnet to configure for the second tunnel.

In the existing tunnel, the IP address is: 10.1.1.1 and mask: 255.255.255.252 so the subnet is 10.1.1.0. I suppose, I have to configure another diferent subnet (i.e. 10.1.2.0) for the second tunnel, but what IP address and mask, 10.1.2.1 255.255.255.0?

When a PC from the LAN of this router try to connect to the remote router using the tunnel, what IP address do it use?

Thanks and regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 08:32 AM

You are wrong, all your PC needs is a default gateway route to the router, a default route is a route that defines, all unknown IP traffic should be forwarded to the next hop defined in the default route.

View solution in original post

0 Helpful
11 Replies 11

Go to solution
andrew.prince
Level 10
Level 10

‎06-22-2009 01:18 AM

Marian,

To answer your doubts

In the existing tunnel, the IP address is: 10.1.1.1 and mask: 255.255.255.252 so the subnet is 10.1.1.0. I suppose, I have to configure another diferent subnet (i.e. 10.1.2.0) for the second tunnel, but what IP address and mask, 10.1.2.1 255.255.255.0? - no on your current tunnel you are using 10.1.1.1 255.255.255.252 which is a /30 so you can use the next available /30 which will be 10.1.1.4/30

When a PC from the LAN of this router try to connect to the remote router using the tunnel, what IP address do it use? - you use the remote end IP subnet. You need to make sure you have static/dynamic routes in place for the tunnel.

HTH>

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to andrew.prince

‎06-22-2009 03:32 AM

So, to configure a new tunnel, how many address do I have to reserve? 2 IP address (one for the source and another for the destination )or 4 IP address like the first tunnel configured and in that case, what are the 2 IP address left?

Thanks a lot for your help

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 03:47 AM

Basic subnetting of your first tunnel:-

10.1.1.1 255.255.255.252 = /30 network

Binary 128 64 32 16 8 4 2 1

Mask 128 192 224 249 248 252| 254 255

| 0 0 =0 Network

| 0 1 =1 First IP Address

| 1 0 =2 Second IP Address

| 1 1 =3 Broadcast

Now for your next available network using /30

Binary 128 64 32 16 8 4 2 1

Mask 128 192 224 249 248 252| 254 255

1 | 0 0 =4 Network

1 | 0 1 =5 First IP Address

1 | 1 0 =6 Second IP Address

1 | 1 1 =7 Broadcast

And so on.

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to andrew.prince

‎06-22-2009 06:22 AM

Ok, I understand.

Another question: you said that when a PC connects to the remote network, it gets an IP address from the remote IP subnet, but, how does it gets it, if there is no DHCP activated on the router?

Thanks

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 06:55 AM

There is some confusion here - my first reply to your question was:-

Your original question - When a PC from the LAN of this router try to connect to the remote router using the tunnel, what IP address do it use?

My response - You use the remote end IP subnet. You need to make sure you have static/dynamic routes in place for the tunnel.

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to andrew.prince

‎06-22-2009 07:07 AM

I think I understood your response, and I do have static routes, like this:

ip route 192.168.3.0 255.255.255.0 10.1.1.2

But what I was wondering is which address from the subnet 192.168.3.0 do I get when I connect from a local PC to this remote end subnet.

Thanks and regards

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 07:12 AM

Your question makes no sense? Are you asking which IP address you should use to connect to a remote end device? If so - use the IP address the remote end device is configured with.

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to andrew.prince

‎06-22-2009 07:58 AM

I will try to explain myself better, if I want to connect from my local PC (IP addr: 192.168.5.10) to a remote PC with have the IP address 192.168.3.25 I need to have in my local PC an IP address from that subnet, (i.e. 192.168.3.30), or Am I wrong?

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 08:32 AM

You are wrong, all your PC needs is a default gateway route to the router, a default route is a route that defines, all unknown IP traffic should be forwarded to the next hop defined in the default route.

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to andrew.prince

‎06-22-2009 08:39 AM

All right,

Thanks a lot for your help.

Regards

Marian

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to usuario0001

‎06-22-2009 09:03 AM

np - glad to help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents