A problem configuring a simple site-to-site tunnel

waynelcww
Level 1

Hi all,

I am new here and I have encountered a problem setting up a site-to-site tunnel.

The blue console cable is just to represent the tunnel that I have set up.

Actually, I tried to follow the guide of this webpage.

http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html

I can ping the tunnel interface and fast-ethernet interface of the other router.

However, I cannot ping the PC, and I get the following error when using the simulation function:

"The device does not have a service that accepts this frame. It drops the frame"

Does anyone know how to solve it?

And is it necessary to set up NAT and ACL for it?

vpnproblem.JPG

Thx a lot

Regards,

Wayne

12 Replies

rizwanr74
Level 7

What type of end devices are you establishing the VPN tunnel to and from: between two routers, or between a router and a Cisco ASA firewall?

Is this IPSec tunnel or GRE tunnel?

1. Between 2 routers

2. A GRE tunnel, but it seems I switch the mode of the tunnel in Packet Tracer

Actually, I have made a similar configuration on real devices but encountered the same problem.

Copy both ends of your tunnel on the forum.

shine pothen
Level 3

Send us the configuration of the routers.


oops sorry

Router3

interface Tunnel0
 ip address 30.0.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 202.0.0.2
!
!
interface FastEthernet0/0
 ip address 202.0.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 30.0.0.2

Router4

interface Tunnel0
 ip address 30.0.0.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 202.0.0.1
!
!
interface FastEthernet0/0
 ip address 202.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 172.16.1.0 255.255.255.0 30.0.0.1

Thanks

On both routers, under interface Tunnel0, issue the command below.

interface Tunnel0

tunnel mode gre ip

Let me know the result.

Hi,

It won't change anything, as it is the default mode for the tunnel interface and, from the configs, it wasn't changed; but it wouldn't hurt to give it a try, as maybe the real config is not a GRE tunnel anymore.

Regards.

Alain

Don't forget to rate helpful posts.

Well, for this line

"tunnel mode gre ip"

Packet Tracer does not even have this command.

Actually, I have tried this line on the device in real life,

but still, the same problem occurred.

Hi,

Can you do a tracert from the left PC to the right PC, and can you change your static routes to specify the tun0 interface instead of the next hop?

Regards.

Alain

Don't forget to rate helpful posts.

Ya.

In fact, to make it simpler, I have pinged from the left router to the right PC.

Router#traceroute 192.168.1.1

Type escape sequence to abort.

Tracing the route to 192.168.1.1

  1   *     31 msec   31 msec  

Router#traceroute 192.168.1.2

Type escape sequence to abort.

Tracing the route to 192.168.1.2

  1   30.0.0.2        31 msec   31 msec   32 msec  

  2   *     *     *    

  3   *     *     *    

  4   *     *     *    

  5   *     *     *    

  6   *     *     *    

  7   *     *     *    

  8   *     *     *    

  9   *     *     *    

  10   *     *     *    

  11   *     *     *    

  12   *     *     *    

  13   *     *     *    

  14   *     *     *    

  15   *     *     *    

  16   *     *     *    

  17   *     *     *    

  18   *     *     *    

  19   *     *     *    

  20   *     *     *    

  21   *     *     *    

  22   *     *     *    

  23   *     *     *    

  24   *     *     *    

  25   *     *     *    

  26   *     *     *    

  27   *     *     *    

  28   *     *     *    

  29   *     *     *    

  30   *     *     *    

But I can't change it to tun0

because Packet Tracer have this command.

However, I have set this line

"ip route 172.16.1.0 255.255.255.0 tunnel 0"

on the real device,

but still I cannot ping the 2 PCs.

Hi,

On the real devices, can you post the following outputs:

- sh ip int br

- sh ip route

- sh int tun0

and do a ping from the PC on the left to the PC on the right, and at the same time enter these commands:

In config mode:

access-list 199 permit icmp any any

logging buffered debug

logging buffered 10000

no service timestamp debug

do debug ip packet detail 199

do u all

do sh log

and post the output.

Regards.

Alain

Don't forget to rate helpful posts.

The configs look good to me. And the traceroute output shows that the tunnel is working.

Router#traceroute 192.168.1.2

Type escape sequence to abort.

Tracing the route to 192.168.1.2

  1   30.0.0.2        31 msec   31 msec   32 msec  

If you can not ping (or traceroute) to the other PC then I believe that it is either some issue in the setup of packet tracer or some issue (such as firewall) in the PC.

HTH

Rick
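A cross-check of the two posted configurations, as an added example that is not part of the original thread: it verifies that each tunnel destination is the peer's tunnel source address, that both Tunnel0 addresses share a subnet, and that each router has a static route to the peer LAN via the peer's tunnel address. The helper names `parse` and `check` are hypothetical, and the parser only handles the few IOS lines that appear in this thread.

```python
import ipaddress

# Abridged from the Router3 / Router4 configs posted in this thread.
R3 = """interface Tunnel0
 ip address 30.0.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 202.0.0.2
interface FastEthernet0/0
 ip address 202.0.0.1 255.255.255.252
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
ip route 192.168.1.0 255.255.255.0 30.0.0.2"""
R4 = """interface Tunnel0
 ip address 30.0.0.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 202.0.0.1
interface FastEthernet0/0
 ip address 202.0.0.2 255.255.255.252
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
ip route 172.16.1.0 255.255.255.0 30.0.0.1"""

def parse(cfg):
    """Return (interfaces, tunnel settings, static routes) from an IOS config."""
    ifs, tun, routes, cur = {}, {}, [], None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] == "interface":
            cur = w[1]
        elif w[:2] == ["ip", "address"]:
            ifs[cur] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[0] == "tunnel":
            tun[w[1]] = w[2]  # 'source' -> interface name, 'destination' -> IP
        elif w[:2] == ["ip", "route"]:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4]))
    return ifs, tun, routes

def check(local, peer):
    """Problems in `local` relative to `peer`; an empty list means consistent."""
    (l_if, l_tun, l_rt), (p_if, p_tun, _) = parse(local), parse(peer)
    out = []
    if l_tun["destination"] != str(p_if[p_tun["source"]].ip):
        out.append("tunnel destination != peer tunnel source address")
    if l_if["Tunnel0"].network != p_if["Tunnel0"].network:
        out.append("tunnel endpoints in different subnets")
    for name, addr in p_if.items():  # every peer LAN needs a route via the tunnel
        if name not in ("Tunnel0", p_tun["source"]):
            if (addr.network, str(p_if["Tunnel0"].ip)) not in l_rt:
                out.append(f"no route to {addr.network} via {p_if['Tunnel0'].ip}")
    return out
```

Both `check(R3, R4)` and `check(R4, R3)` return an empty list for the configurations as posted, which agrees with the assessment above that the router side is consistent.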
