×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

GRE tunnel issue

Unanswered Question
Oct 28th, 2014
User Badges:

Hello Everyone,

 

I have a problem setting up GRE tunnel ( w/o any encryption) between Cisco 2611 and 2621. IOS version is the same c2600-ik9o3s3-mz.123-26.bin.

The problem is that after configuring both devices I can not ping 2611 from 2621 over tunnel. I added a rule on 2611 WAN interface, so I could see incoming GRE packets. During the ping process I do NOT see any matches on this rule. But as soon as I ping 2621 from 2611, 2621 can ping 2611 as well and I see matches on this rule.

The same thing happens with IPSEC tunnel, but first I would like to resolve issue with GRE as I think the have the same roots.

Can you please advice how I can resolve this issue ?

 

Thank you

Regards,

Alex

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Tue, 10/28/2014 - 03:55
User Badges:
  • Purple, 4500 points or more

Can you post your tunnel interface configs from both routers and any routing protocols or static routes that you have?

HTH,

John

agumeniuc Tue, 10/28/2014 - 04:41
User Badges:

Hi John,

Here are interface configs

2621:

interface Tunnel1
 ip address 10.0.0.6 255.255.255.252
 tunnel source 1.1.1.1
 tunnel destination 2.2.2.2
end

2611:

interface Tunnel0
 ip address 10.0.0.5 255.255.255.252
 tunnel source 2.2.2.2
 tunnel destination 1.1.1.1
end

I am not using any dynamic routing protocol or even static routes over this tunnel. Just trying to make communication between point-to-point hosts 10.0.0.5 any 10.0.0.6.

 

Best regards,

Alex

 

John Blakley Tue, 10/28/2014 - 05:13
User Badges:
  • Purple, 4500 points or more

Can you ping each destination when sourcing from the tunnel source? For example, can you ping, from the 2621, 2.2.2.2 when sourcing from 1.1.1.1? If you have an acl on the interface, you'll want to allow gre through the acl:

permit gre any any

HTH,

John

agumeniuc Tue, 10/28/2014 - 06:12
User Badges:

Yes, I can ping, there is no problem with icmp.

I tried

permit gre any any

and

permit ip any any

I can not ping 10.0.0.5 from 10.0.0.6 until I ping vice versa and tunnel gets up.

 

Richard Burts Tue, 10/28/2014 - 06:47
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Alex

 

I believe that John was on the right track in asking to see some of what you have configured. But we need to see more than just the tunnel interface configuration (and I do not see any particular issue with the tunnel configuration). So perhaps the issue is about the physical interfaces? It might be helpful if you would post the complete router config. And if you do not want to post the complete config then at least post the interface configurations, the output of show ip route, and the output of show arp from both routers.

 

The symptom that you must start the ping from one side and then the other side will work suggests that there is some issue with how the routers are connected. How does 1.1.1.1 get to 2.2.2.2? What is the physical topology?

 

HTH

 

Rick

agumeniuc Thu, 10/30/2014 - 23:48
User Badges:

Hello guys,

Sorry for the delay with my response.

I attached config files from both routers.

Topology..

2621 is installed in office rack. ISP ethernet cable is connected into the router.

2611 is installed at collocation and also connected to the same ISP . I think ISP`s ethernet calbe gets into the switch first and then from switch into 2611.

I don`t see any problems with the configuration. I think smth is blocking incoming non icmp/tcp/udp packets.

Best regards,

Alex

Attachment: 
John Blakley Tue, 10/28/2014 - 06:48
User Badges:
  • Purple, 4500 points or more

Can you post both physical interface configs (masking public info) and any acls that are used?

 

Actions

This Discussion