
Back-to-back connectivity problem

siddindia
Level 1

Dear Friend,

I have a setup in which a Cisco 3845 is connected to 15 Cisco 2851 routers by leased lines. I'm using a GRE tunnel with IPsec for security over the routers' serial links. All is working fine; data is encrypted and decrypted properly.

Now I have to use 2 Cisco 3845 routers for load balancing.

I'm having a serious problem with back-to-back connectivity between the GigabitEthernet ports. I have done some tests but failed to ping all locations. I'm only able to ping the gig Ethernet ports which are directly connected.

Test-1

I have used default routes with straight and cross cables. Only the directly connected gig port is pinging.

ip route 0.0.0.0 0.0.0.0 gigabitethernet0/0

Test-2

I have used OSPF routing on straight and cross cables between the gig ports. Same condition.

router ospf 100

network 170.128.0.0 0.0.0.255 area 0

Test-3

I have used the same GRE tunnel with IPsec between the gig ports which are directly connected. The configuration is attached in text format. Same condition.

Can anyone please tell me what I have to do for proper routing?

Any suggestion will be appreciated.

Regards,

Siddhartha

1 Accepted Solution

Accepted Solutions

Hello Siddhartha,

>> I'm really very confused. I'm new to doing it.

Do the following:

R1:

int gi0/0

no crypto map VPN-BACK_TO_BACk

int tu15

no crypto map VPN-BACK_TO_BACk

shut

router ospf 100

network 170.128.0.0 0.0.0.255 area 0

Do the same on R2

then post

sh ip ospf neigh

eventually use

term mon

debug ip ospf adj

>> Most helpful thing will be that if you test this environment

This is not possible; I'm taking care of a real network.

However, if you simplify the setup you can see what is correct and what is wrong.

By the way, I wouldn't put the crypto map inside the tunnel interface; for me this is wrong: the GRE is the traffic that has to be encrypted.

Hope to help

Giuseppe
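Giuseppe's closing remark (the GRE packets are what has to be encrypted) corresponds to a crypto map applied on the physical interface with a crypto ACL that matches GRE between the tunnel endpoints. The sketch below for R1 is an added example, not the poster's attached configuration (which is not shown in the thread). Assumptions: R1 is 170.128.0.1 and R2 is 170.128.0.10; the ACL and transform-set names, the ISAKMP policy values, the key placeholder and the 10.255.15.0/30 tunnel subnet are illustrative.

```ios
! Added example for R1 (assumed 170.128.0.1); peer R2 assumed 170.128.0.10.
! GRE-R1-R2, TS-GRE, the policy values and 10.255.15.0/30 are hypothetical.
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14                      ! assumes an image that supports DH group 14
crypto isakmp key <PRE-SHARED-KEY> address 170.128.0.10
!
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha-hmac
 mode transport                ! GRE endpoints are also the IPsec peers
!
! Crypto ACL: select only the GRE packets between the two tunnel endpoints.
! Everything routed into Tunnel15 (OSPF hellos included) is then protected.
ip access-list extended GRE-R1-R2
 permit gre host 170.128.0.1 host 170.128.0.10
!
crypto map VPN-BACK_TO_BACk 10 ipsec-isakmp
 set peer 170.128.0.10
 set transform-set TS-GRE
 match address GRE-R1-R2
!
interface Tunnel15
 ip address 10.255.15.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 170.128.0.10
 ! no crypto map under the tunnel interface
!
interface GigabitEthernet0/0
 ip address 170.128.0.1 255.255.255.0
 crypto map VPN-BACK_TO_BACk   ! applied where the GRE packets leave the router
!
router ospf 100
 network 10.255.15.0 0.0.0.3 area 0   ! adjacency forms across the tunnel
!
! Checks after mirroring the configuration on R2:
!  show crypto isakmp sa
!  show crypto ipsec sa
!  show ip ospf neighbor
```

R2 mirrors this with the addresses swapped. In `show crypto ipsec sa`, the encaps and decaps counters should rise as OSPF hellos cross Tunnel15.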


Giuseppe Larosa
Hall of Fame

Hello Siddhartha,

I see the same IP address

ip address 170.128.0.10 255.255.255.0

assigned to both R1:g0/0 and R2:g0/0.

Change one of them to

170.128.0.x with x ne 10

Hope to help

Giuseppe

Dear Giuseppe,

It was by mistake.

I'm using 170.128.0.1 and 170.128.0.10 in both gig ports, but I'm able to routing.

Please help me.

Hello Siddhartha,

>> I'm only able to ping gigethernet port which are directly connected.

I see it was just a typing mistake in preparing the file you've attached.

If you want to make one device aware of networks learned by the other device on GRE tunnels, and you trust the GE link, remove the crypto map on the GE ports.

Have the two routers build an OSPF adjacency.

Start without MD5 authentication.

It is better to divide the work into multiple steps.

1)

OSPF adjacency without MD5

Put a network area command in the same OSPF process used on the GRE tunnels.

Check with

sh ip ospf nei

Verify R2 learns routes of remote devices only connected to R1.

Then later you can add complexity. If you can trust the environment where the two routers are, you don't need a VPN between them.

Trying to configure all at once can be a source of problems.

Hope to help

Giuseppe

Hi Giuseppe ,

I'm really very confused. I'm new to doing it.

Kindly tell me what I have to do step by step, with configuration commands.

The most helpful thing would be if you test this environment before sending. Please.

Siddhartha


Hi Giuseppe ,

I'm very thankful to you. Your solution really helped.

I have erased all security from both routers for back-to-back connectivity, and I have also erased the OSPF authentication key from both gig ports.

Now all things are working fine.

Thanks,

Siddhartha
