GRE over IPSec Tunnel bouncing for a few seconds every 90 seconds.

Unanswered Question
Jul 13th, 2010

Hi Cisco experts,

I have a situation where one of the GRE tunnels keeps bouncing for only 1 or 2 seconds in every 90-second period. We have troubleshot and checked the physical cabling and found that there is no issue. Even the internet connection is clean. We can ping both destinations from each router without any obvious timeouts.

I have attached the configuration sample and also the debug EIGRP log that I got from the router.

Appreciate your help on this.


wang baojun Tue, 07/13/2010 - 02:21

Hello,

For dynamic routing over GRE, you can try modifying the config as in the red line below.

interface Tunnel16
description Router-TU16-NKEHKGR01-TU16-GRE Over VPN
bandwidth 5000
ip address x.x.x.x
ip route-cache flow
tunnel source FastEthernet0/0.2
tunnel destination

no keepalive 10 3

azmirabdwhb Tue, 07/13/2010 - 02:24

Hi Wang,

Thanks for the reply. Should I replace the keepalive configuration at both ends?

saquib.tandel Tue, 07/13/2010 - 02:31


I had a similar issue and found IOS to be the issue. I recollect the router was an 1841.

Are the GRE tunnel and IPsec config on the same router? Can you post the full configuration, including show version?

Thanks, ST

azmirabdwhb Tue, 07/13/2010 - 02:39


Below is the sh ver output:

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 20-Jun-07 07:19 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 5 days, 10 hours, 0 minutes
System returned to ROM by power-on
System restarted at 07:36:52 AET Thu Jul 8 2010
System image file is "flash:c2800nm-advipservicesk9-mz.124-16.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to
[email protected].

Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FHK1221F44C
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

azmirabdwhb Thu, 07/15/2010 - 19:34


FYI, this issue was caused by EIGRP's Retry Limit Exceeded. It has been solved by adjusting the MTU size of the tunnel. We found out that there is an MTU size limitation on the provider end.

Thanks all for the input given on troubleshooting this issue.
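
One way to spot the pattern this thread ended on from router syslog, as an added example that is not part of the original posts: it groups EIGRP neighbor-down events whose reason is "retry limit exceeded" and reports adjacencies that drop at a near-constant interval. The log lines are constructed samples modelled on the IOS %DUAL-5-NBRCHANGE message, and the function name, timestamp format and thresholds are assumptions.

```python
import re
from datetime import datetime
from statistics import mean

# Constructed sample syslog lines (not from the thread); neighbor addresses
# are taken from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
Jul 13 02:00:05: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is down: retry limit exceeded
Jul 13 02:00:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is up: new adjacency
Jul 13 02:01:35: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is down: retry limit exceeded
Jul 13 02:01:37: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is up: new adjacency
Jul 13 02:03:06: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is down: retry limit exceeded
Jul 13 02:03:08: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.2 (Tunnel16) is up: new adjacency
Jul 13 02:10:00: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.9 (Tunnel17) is down: holding time expired
"""

# Matches only "is down" events and captures timestamp, neighbor, interface, reason.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): %DUAL-5-NBRCHANGE: .*?"
    r"Neighbor (?P<nbr>\S+) \((?P<ifc>\S+)\) is down: (?P<reason>.+)$"
)

def find_periodic_flaps(log_text, year=2010, min_events=3, jitter=10):
    """Return {(neighbor, interface): mean_gap_seconds} for adjacencies that
    drop with 'retry limit exceeded' at a near-constant interval."""
    downs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["reason"].strip() != "retry limit exceeded":
            continue  # other down reasons (e.g. hold timer) are a different fault
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        downs.setdefault((m["nbr"], m["ifc"]), []).append(ts)
    findings = {}
    for key, times in downs.items():
        if len(times) < min_events:
            continue  # too few drops to call it periodic
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            findings[key] = mean(gaps)
    return findings

if __name__ == "__main__":
    for (nbr, ifc), gap in find_periodic_flaps(SAMPLE_LOG).items():
        print(f"{ifc} neighbor {nbr}: retry limit exceeded about every {gap:.0f}s; "
              "compare the tunnel MTU with the path MTU")
```

Small hellos and pings pass while larger EIGRP update packets are dropped, so a regular "retry limit exceeded" cycle on a tunnel that otherwise pings cleanly points at MTU along the path, which is what the poster found.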


