Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A problem on configuring simple a site-to-site tunnel

Hi all,

I am new to here and I have encounter a problem on setting up a site-to-site tunnel

The blue console cable is just to represent the tunnel that I have set up.

Actually, I tried to follow the guide of this webpage.

http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html

I can ping the tunnel interface and fast-ethernet interface of the other router.

However, I cannot ping to the PC. And I get the following error when using the simulation function

"The device does not have a service that accepts this frame. It drops the frame"

Does anyone know how to solve it?

And is it necessary to set up NAT and ACL for it?

vpnproblem.JPG

Thx a lot

Regards,

Wayne

12 REPLIES

A problem on configuring simple a site-to-site tunnel

what type of end devices you are establishing vpn tunnel to and from, between two routers or between a router between cisco ASA firewall ?

Is this IPSec tunnel or GRE tunnel?

New Member

A problem on configuring simple a site-to-site tunnel

1.Between 2 routers

2.A GRE tunnel, but it seems i switch the mode of the tunnel in packet tracer

Actually i have made similar configuration in real devices but encountered the same problem

A problem on configuring simple a site-to-site tunnel

copy your both end of the tunnel on the forum.

Re: A problem on configuring simple a site-to-site tunnel

Send us the configuration of the router's

Sent from Cisco Technical Support iPad App

New Member

A problem on configuring simple a site-to-site tunnel

oops sorry

Router3

interface Tunnel0

ip address 30.0.0.1 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 202.0.0.2

!

!

interface FastEthernet0/0

ip address 202.0.0.1 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.1.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.1.0 255.255.255.0 30.0.0.2

Router4

interface Tunnel0

ip address 30.0.0.2 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 202.0.0.1

!

!

interface FastEthernet0/0

ip address 202.0.0.2 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 172.16.1.0 255.255.255.0 30.0.0.1

Thanks

A problem on configuring simple a site-to-site tunnel

on both routers under interface Tunnel0, issue this command below.

interface Tunnel0

tunnel mode gre ip

let me know the result

Purple

A problem on configuring simple a site-to-site tunnel

Hi,

it won't change anything as it is the default mode for the tunnel interface and from the configs  it wasn't changed but it wouldn't hurt to give it a try though as maybe the real configs is not a GRE tunnel anymore.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

A problem on configuring simple a site-to-site tunnel

well, for this line

"tunnel mode gre ip"

packet tracer does not even have this command

actually i have try this line in the device in real life

but still, the same problem occured

Purple

A problem on configuring simple a site-to-site tunnel

Hi,

Can you do a tracert from the left PC to right PC and can you change your static routes specifying the tun0 interface instead of next-hop.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

A problem on configuring simple a site-to-site tunnel

ya

In fact, to make it simpler, I have ping from the left router to the right PC

Router#traceroute 192.168.1.1

Type escape sequence to abort.

Tracing the route to 192.168.1.1

  1   *     31 msec   31 msec  

Router#traceroute 192.168.1.2

Type escape sequence to abort.

Tracing the route to 192.168.1.2

  1   30.0.0.2        31 msec   31 msec   32 msec  

  2   *     *     *    

  3   *     *     *    

  4   *     *     *    

  5   *     *     *    

  6   *     *     *    

  7   *     *     *    

  8   *     *     *    

  9   *     *     *    

  10   *     *     *    

  11   *     *     *    

  12   *     *     *    

  13   *     *     *    

  14   *     *     *    

  15   *     *     *    

  16   *     *     *    

  17   *     *     *    

  18   *     *     *    

  19   *     *     *    

  20   *     *     *    

  21   *     *     *    

  22   *     *     *    

  23   *     *     *    

  24   *     *     *    

  25   *     *     *    

  26   *     *     *    

  27   *     *     *    

  28   *     *     *    

  29   *     *     *    

  30   *     *     *    

but i cant change it to tun0

because packet tracer hv this command

however, i have set this line

"ip route 172.16.1.0 255.255.255.0 tunnel 0 "

in the real device.

but still I cannot ping the 2 PCs.

Purple

A problem on configuring simple a site-to-site tunnel

Hi,

on real devices can you post following outputs:

-sh ip int br

- sh ip route

-sh int tun0

and do a ping from pc on the left to pc on the right and at same time enter these commands:

In config mode:

access-list 199 premit icmp any any

logging buffered debug

logging buffered 10000

no service timestamp debug

do debug ip packet detail 199

do u all

do sh log

and post output

Regards.

Alain

Don't forget to rate helpful posts.
Hall of Fame Super Silver

A problem on configuring simple a site-to-site tunnel

The configs look good to me. And the traceroute output shows that the tunnel is working.

Router#traceroute 192.168.1.2

Type escape sequence to abort.

Tracing the route to 192.168.1.2

  1   30.0.0.2        31 msec   31 msec   32 msec  

If you can not ping (or traceroute) to the other PC then I believe that it is either some issue in the setup of packet tracer or some issue (such as firewall) in the PC.

HTH

Rick

2233
Views
0
Helpful
12
Replies
CreatePlease login to create content