07-11-2009 12:27 AM - edited 03-04-2019 05:24 AM
Dear Friend,
I have a setup in which a Cisco 3845 is connected with 15 Cisco 2851 routers with leased line. I'm using GRE tunnel with IPSEC for security between router's serial link connectivity. All is working fine. Data is encrypted and decrypted properly.
Now I have to use 2 Cisco 3845 routers for load balancing.
I'm getting a serious problem with back-to-back connectivity with GigabitEthernet ports. I have done some tests but failed to ping all locations. I'm only able to ping gigethernet port which are directly connected.
Test-1
I have used default routes with straight and cross cable. Only the directly connected gig port is pinging.
ip route 0.0.0.0 0.0.0.0 gigabitethernet0/0
Test-2
I have used OSPF routing on straight and cross cable between gig ports. Same condition.
router ospf 100
network 170.128.0.0 0.0.0.255 area 0
Test-3
I have used the same GRE tunnel with IPSEC between gig ports which are directly connected. Configuration is attached in text format. Same condition.
Can anyone please tell me what I have to do for proper routing?
Any suggestion will be appreciated.
Regards,
Siddhartha
07-11-2009 12:34 AM
Hello Siddhartha,
I see the same ip address
ip address 170.128.0.10 255.255.255.0
assigned to both R1:g0/0 and R2:g0/0
change one of them to
170.128.0.x with x ne 10
Hope to help
Giuseppe
07-11-2009 02:03 AM
Dear Giuseppe,
It was by mistake.
I'm using 170.128.0.1 and 170.128.0.10 in both gig ports, but I'm able to routing.
Please help me
07-11-2009 02:26 AM
Hello Siddhartha,
>> I'm only able to ping gigethernet port which are directly connected.
I see it was just a typing mistake in preparing the file you've attached.
If you want to make one device aware of networks learned by the other device on GRE tunnels and you trust the GE link, remove the crypto map on the GE ports.
Have the two routers build an OSPF adjacency.
Start without MD5 authentication.
It is better to divide the work in multiple steps.
1)
OSPF adjacency without MD5
put a network area command in the same OSPF process used on the GRE tunnels.
check with
sh ip ospf nei
verify R2 learns routes of remote devices only connected to R1.
Then later you can add complexity. If you can trust the environment where the two routers are, you don't need a VPN between them.
Trying to configure all at once can be a source of problems.
Hope to help
Giuseppe
07-11-2009 02:36 AM
Hi Giuseppe ,
I'm really very confused. I'm new to doing it.
Kindly tell me what I have to do step-by-step with configuration commands.
The most helpful thing will be if you test this environment before sending. Please.
Siddhartha
07-11-2009 02:45 AM
Hello Siddhartha,
>> I'm really very confused. I'm new to doing it.
do the following
R1:
int gi0/0
 no crypto map VPN-BACK_TO_BACk
int tu15
 no crypto map VPN-BACK_TO_BACk
 shut
router ospf 100
 network 170.128.0.0 0.0.0.255 area 0
Do the same on R2
then post
sh ip ospf neigh
eventually use
term mon
debug ip ospf adj
>> Most helpful thing will be that if you test this environment
This is not possible: I'm taking care of a real network.
However, if you simplify the setup you can see what is correct and what is wrong.
By the way, I wouldn't put the crypto map inside the tunnel interface. For me this is wrong: the GRE is the traffic that has to be encrypted.
Hope to help
Giuseppe
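An offline check for the points raised in this thread (same address on both ends of the link, the link subnet missing from OSPF, a crypto map applied on a tunnel interface), added here as an example and not code from any poster. The sample configs, the tunnel addressing and the finding names are constructed; the tunnel finding encodes the preference stated in the reply above, not a universal rule.

```python
import ipaddress
import re

# Constructed sample configs (not the poster's attachment); tunnel addressing is illustrative.
R1 = """\
interface GigabitEthernet0/0
 ip address 170.128.0.10 255.255.255.0
 crypto map VPN-BACK_TO_BACk
interface Tunnel15
 ip address 10.15.0.1 255.255.255.252
 crypto map VPN-BACK_TO_BACk
router ospf 100
 network 10.15.0.0 0.0.0.3 area 0
"""
R2 = R1.replace("10.15.0.1 ", "10.15.0.2 ")  # g0/0 keeps the same address as R1

def interfaces(cfg):
    """Map interface name -> {'ip': IPv4Interface or None, 'crypto': bool}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = out.setdefault(m.group(1), {"ip": None, "crypto": False})
        elif not line.startswith(" "):
            cur = None  # left interface sub-mode
        elif cur is not None and (m := re.match(r" ip address (\S+) (\S+)", line)):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur is not None and line.startswith(" crypto map "):
            cur["crypto"] = True
    return out

def ospf_networks(cfg):
    """'network <addr> <wildcard> area N' lines as networks (contiguous wildcards only)."""
    return [ipaddress.ip_network((a, 32 - int(ipaddress.IPv4Address(w)).bit_length()), strict=False)
            for a, w in re.findall(r"^ network (\S+) (\S+) area", cfg, re.M)]

def lint_pair(cfg_a, cfg_b, link="GigabitEthernet0/0"):
    """Return findings for the direct link between two routers."""
    findings = []
    sides = {"R1": interfaces(cfg_a), "R2": interfaces(cfg_b)}
    ip_a, ip_b = (s[link]["ip"] for s in sides.values())
    if ip_a.ip == ip_b.ip:
        findings.append("duplicate-ip")
    for name, cfg in (("R1", cfg_a), ("R2", cfg_b)):
        if not any(sides[name][link]["ip"].ip in n for n in ospf_networks(cfg)):
            findings.append(f"{name}:link-not-in-ospf")
        findings += [f"{name}:crypto-map-on-{i}" for i, v in sides[name].items()
                     if i.startswith("Tunnel") and v["crypto"]]
    return findings
```

Calling `lint_pair(R1, R2)` on the constructed pair reports all three conditions; configs saved from `show running-config` can be passed in the same way.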
07-12-2009 10:27 PM
Hi Giuseppe ,
I'm very thankful to you. Your solution really helped.
I have erased all security from both routers for back-to-back connectivity and I have also erased the OSPF authentication key from both gig ports.
Now all things are working fine.
Thanks,
siddhartha