I have just finished configuring two sites over GRE tunnels. Configurations of the two sites are attached as well... My problem is that both the sites are accessing each other upto routing interface only... When I attach any machine on remote site and give the IP of pool 192.168.x.x... it never reaches there (ping timeout)... same is the case with the remote site... Remote site is accessing me on the pool 172.16.2.x but results in ping failure.. All the necessary routes are there.. gre tunnels is up.. I can ping GRE tunnel IPs as well but the problem persist.. Any help please.
In my post of May 24 I seem to have misunderstood which addresses were the LAN addresses that you are trying to reach. I think that I now understand that the LAN addresses are 172.16.2.0/24 and 192.168.0.0/24. Will you verify that this is correct?
Assuming that it is correct it now looks to me like the routing is set up correctly so that the LAN addresses should be reachable through the tunnel. Can you verify that from router LHR-BMW-SW-01 you can ping to 172.16.2.33? And assuming that it worked can you then try an extended ping and in the extended ping specify the same destination of 172.16.2.33 and specify the source address as 192.168.0.1?
And then can you verify that from router KHI-KOR-SW-A31-01 that you can ping to 192.168.0.1? And assuming that it worked can you then try an extended ping and in the extended ping specify the same destination address of 192.168.0.1 and specify the source address as 172.16.2.33?
These pings and extended pings will show whether the LAN of each router is reachable from a routing perspective. I think it is likely that the ping and extended ping will work. If it does work then it points to a possible problem that PCs on one side or the other do not have their default gateways configured correctly.
You got the IP schemes correct now.... Actually LHR-BMW-SW-01 can ping and extended ping to all interface vlans of KHI-KOR-SW-A31-01... similarly KHI-KOR-SW-A31-01 can ping and extended ping all interfaces of LHR-BMW-SW-01.... Only when I try to ping PCs attached to those vlans, ping fails... I kept debugging and now thinking on the lines that it might be MTU size issue... The two sites are linked through Point to Point DSL link... So its likely that when a frame is received on any interface VLAN than because of IEEE 802.1Q tagging, the frame size might be increasing that the MTU....What do you think ?
I have gotten hold of ISP who is going to change MTU size today and will test it again... Will post the outcome. Thank you for all your replies.
Perhaps it is an MTU size issue and it might improve things to have the provider increase the MTU. But depending on how you do it, most ping packets are pretty small and are not likely to have MTU problems. I would suggest that you check the PCs and see what is configured as their default gateway.
Finally my issue is resolved now. I didnt do much on the switch part as other GRE tunnels are working just fine...After loads of debugging, we found that the problem was in the modem providing WAN connectivity. It is supposed to stay in Bridging mode since GRE tunnels are created by the switches. It was in the routing mode thereby creating problem. Thank you for all the help.
Since Sheeraz says that he can ping the GRE tunnel interface address I believe that the GRE tunnels are working and encapsulation mismatch is probably not the issue (though I agree that it looks suspicious).
I believe that the issue is simple routing. Router LHR-BMW-SW-01 has VLAN subnet of 192.168.1.0/24. Router
KHI-KOR-SW-A31-01 does not have a route for that subnet. It does have a route for 192.168.0.0/24 pointing through the tunnel. But not for 192.168.1.0. I believe that attempts to get to 192.168.1.0 are routed out the default route of ip route 0.0.0.0 0.0.0.0 172.16.0.25. And I suspect that going to 172.16.0.25 does not get to the right place, and would certainly not be encapsulated in GRE.
Thank you very much for the replies... I have attached the updated configuration that include the routing tables as well...I have corrected the interface vlan 1 IP address as well ... But still no results. Router LHR-BMW-SW-01 can ping all the interface vlan address of KHI-KOR-SW-A31-01 but it cannot ping any host addresses attached to those vlans... similarly 192.168.0.1 I can ping from KHI-KOR-SW-A31-01 but not the other host addresses .2, .3, .4 etc... No ACL as well. Any further suggestions Please.
I believe that there is still a basic routing problem here. On router KHI-KOR-SW-A31-01 the LAN subnet is 10.0.136.128/29. on router LHR-BMW-SW-01 you do have a static route for that subnet as:
S 10.0.136.128 [1/0] via 10.1.15.241
but that next hop address is through the FastEthernet interface rather than through the tunnel.
C 10.1.15.240 is directly connected, FastEthernet0/1
Fix this routing issue so that the next hop is through the tunnel and let us know what happens.
Thank you for replying Rick.. I did what you suggested.. I changed the static route through tunnel... also changed the tunnel source from IP to interface fastEthernet but no results.... I can still ping all the vlan interfaces of the KHI-KOR-SW-A31-01 but cannot go beyond that.. same is true for the other side. Any further suggestions please.
To help us understand the current state of this problem please post the current configs of both routers and also post the output of show ip route from both routers.
As i find the following should be lan ip's on either segments.Pls clarify if its otherwise.
KHI-KOR-SW-A31-01:: lan 172.16.2.0 255.255.255.0
LHR-BMW-SW-01:: lan 192.168.0.1 255.255.255.0
Pls change the config to the above & post us the results.
description **** Tunnel to PSC LHR ****
tunnel source Fa0/9
tunnel destination 10.1.15.242
ip route 0.0.0.0 0.0.0.0 172.16.0.25
ip route 192.168.0.0 255.255.255.0 tu1
LHR - LHR-BMW-SW-01
description ***** Tunnel to PSC KHI *****
tunnel source fa0/1
tunnel destination 10.0.136.130
ip route 0.0.0.0 0.0.0.0 18.104.22.168
ip route 172.16.2.0 255.255.255.0 tu1
Also, u can use unnumbered interface command on both tunnel interfaces instead of exclusive
ip's.Am not sure why the other 1 route is present in both the configs.& dont specify tunnel modes explicitly.
Pls change the config to the above & post us the results, with the other minute details being the same.
Rate if this helps!!!
Do you have ACLs applied to the internal interfaces?
If so, apply inspection on the Tunnel interfaces to facilitate the returning traffic (ping reply, etc.).
I want to know one thing how 192.168.x.x is connected to the KHI-KOR-SW-A31-01 router and 172.16.2.0 is connected to the LHR_SW_Configuration. configuration seems to be fine if there are specific routes pointing to the tunnel interface, else check the lan