×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ACE20 gre problem

Unanswered Question
Jun 28th, 2012
User Badges:

Hi,


I want to route gre traffic through an ACE20, but it doesn't seem to work. The only thing I configured was an ACL with gre enabled, but the ACE20 seems to drop the gre packtes. The gre traffic is entering via the vlan 561 interface and should be send out via the vlan 472 interface. Source 10.94.32.212, destination 10.94.132.39. The tunnel control traffic on port tcp/1723 is working fine. In the service-policies is nothing configured for the gre traffic.



Can anyone help me?


ACE configuration

access-list ALL line 10 extended permit ip any any

access-list ALL line 20 extended permit icmp any any

access-list ALL line 30 extended permit gre any any

access-list NAT-472 line 10 extended permit tcp 10.94.132.0 255.255.255.128 10.94.133.0 255.255.255.0


access-group input ALL


interface vlan 472

  ip address 10.94.132.2 255.255.255.128

  ip dhcp relay server 10.94.62.158

  ip dhcp relay server 10.94.62.173

  ip dhcp relay enable

  alias 10.94.132.1 255.255.255.128

  peer ip address 10.94.132.3 255.255.255.128

  no normalization

  nat-pool 461 10.94.132.4 10.94.132.4 netmask 255.255.255.255 pat

  service-policy input ALLOW-ICMP

  service-policy input LB-POLICY-VLAN561

  service-policy input NAT-472

  no shutdown


interface vlan 561

  ip address 10.94.83.77 255.255.255.248

  alias 10.94.83.76 255.255.255.248

  peer ip address 10.94.83.78 255.255.255.248

  no normalization

  nat-pool 561 10.94.148.5 10.94.148.5 netmask 255.255.255.255 pat

  service-policy input ALLOW-ICMP

  service-policy input LB-POLICY-VLAN561

  no shutdown


ip route 0.0.0.0 0.0.0.0 10.94.83.73

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Heine Maring Fri, 06/29/2012 - 02:04
User Badges:

The problem is solved with a reload of the 6509 switch with the ACE module. Probably an interface problem on the ACE due to changes.

Actions

This Discussion

Related Content