10-27-2009 02:29 PM - edited 03-04-2019 06:31 AM
Hello, How to avoid Recursive Routing on GRE Tunnel over ipsec
10-27-2009 02:32 PM
You can use static route for the tunnel destination, and/or more specific network statements, and/or distribute-list.
Example to use static route:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094690.shtml#solution
Regards,
jerry
10-27-2009 02:58 PM
This hold good for One Tunnel between Hub&Spoke.
How to avoid recursive routing where multiple tunnels from spoke points to central hub on same router with different service providers.
10-27-2009 06:57 PM
You can do multiple static routes or distribute-list. It is about the same amount of commands.
For distribute-list, you can do something like this, the example is in EIGRP
router eigrp xx
distribute-list prefix TUNNEL_DEST in tunnel y
!
ip prefix TUNNEL_DEST seq 5 deny a.a.a.a/32
ip prefix TUNNEL_DEST seq 10 deny b.b.b.b/32
ip prefix TUNNEL_DEST seq 100 perm 0.0.0.0/0 le 32
However, filtering routes will be very tricky with OSPF.
HTH,
jerry
10-27-2009 02:39 PM
Agreed with Jerry. You can also use the WAN facing interface of each endpoint which most likely won't be part of the routing protocol used on the tunnel.
The concept is that the destination IP for the tunnel can't be learned via the tunnel.
It must be learned via the WAN facing interface of such device.
Regards
Edison.
10-27-2009 11:36 PM
Edison,
Agreed to use WAN Interface if its one Tunnel from Hub to Spoke.
Good example of weird scenario already posted on forum, which could be my upcoming concern.
More than one tunnels from Hub points to spoke on same router with different service providers. Spoke Wan interface would be same but HUB with multiple service provider would be with different WAN Interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide