Need help getting a point to point GRE tunnel set up for Internet traffic
I am attempting to get a point to point GRE tunnel set up for backup internet access. Here is some background information on what I am trying to do (if it is even possible):
We have a server co-location that will let us use their internet POP for a backup internet solution from our Corp HQ via fiber. Both locations are physically separated. What I want to do is create a point to point tunnel that will start at the co-location and terminate on an interface on a UTM firewall device at HQ. So far I have not had much luck getting this to work. Here are the tunnel and route configurations from both sides:
description Tunnel to Tierpoint for Internet
ip address 10.0.0.5 255.255.255.252
keepalive 5 4
tunnel source 10.92.0.2 <-- IP address of the UTM firewall
tunnel destination 66.45.*.* <-- IP of the outside address at the co-location
ip address 10.0.0.1 255.255.255.255
description Backup Internet
ip address 10.92.0.1 255.255.255.248
ip route 66.45.*.* 255.255.255.255 172.16.6.242 <-- Next hop address at the co-location
description Tunnel to Corp for Internet
ip address 10.0.0.6 255.255.255.252
keepalive 5 4
tunnel source 66.45.*.* <-- Outside internet address
tunnel destination 10.92.0.2 <-- IP on the UTM firewall
ip address 10.0.0.2 255.255.255.255
ip address 66.45.*.* 255.255.255.224 <-- Outside internet IP interface
ip route 0.0.0.0 0.0.0.0 188.8.131.52 <-- Next hop IP for the default route
ip route 10.92.0.0 255.255.255.248 172.16.6.241 <-- Next hop IP at HQ
If there is a way to get this to work, I would really appreciate any help. If there is a better way than this, I am all ears!
Re: Need help getting a point to point GRE tunnel set up for Int
I believe that what you are attempting to do will not work. A GRE tunnel should have the source address as an address on the router. You are attempting to create a GRE tunnel whose source address is an address on the firewall. I do not believe that the router can encapsulate a packet for the GRE with a source address that is not on the router.
I am not clear why you want to use the firewall address as the source address. It is almost like you want the tunnel to terminate on the firewall. But I doubt that the firewall will support terminating the tunnel. If you make the source address 10.90.0.1 I believe that the tunnel could work - assuming that the firewall will allow tunneled traffic through.
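A lint for the rule stated in the reply above (a tunnel's source must be an address or interface on the router itself), as an added example that is not part of either post. It is Python run over a constructed IOS-style sample of the HQ side; the interface names are assumptions and 203.0.113.10 stands in for the masked 66.45.*.* address.

```python
import ipaddress
import re

# Constructed HQ-side sample. Interface names are assumptions; 203.0.113.10
# stands in for the masked 66.45.*.* address.
SAMPLE_HQ = """\
interface Tunnel0
 ip address 10.0.0.5 255.255.255.252
 tunnel source 10.92.0.2
 tunnel destination 203.0.113.10
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/1
 ip address 10.92.0.1 255.255.255.248
ip route 203.0.113.10 255.255.255.255 172.16.6.242
"""

def parse_interfaces(config):
    """Map interface name -> {"ip": IPv4Interface or None, "source": str or None}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {"ip": None, "source": None})
        elif current is None or not raw.startswith(" "):
            current = None  # a global command ends the interface block
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            current["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"tunnel source (\S+)", line):
            current["source"] = m[1]
    return interfaces

def check_tunnel_sources(config):
    """Return (tunnel, source, verdict) for every interface with a tunnel source."""
    interfaces = parse_interfaces(config)
    addressed = {n: i["ip"] for n, i in interfaces.items() if i["ip"]}
    findings = []
    for name, data in interfaces.items():
        src = data["source"]
        if src is None:
            continue
        if src in addressed or any(src == str(ip.ip) for ip in addressed.values()):
            verdict = "ok"  # an interface name or an address this router owns
        else:  # report which connected subnet the foreign address sits in, if any
            hit = next((n for n, ip in addressed.items()
                        if src[0].isdigit() and ipaddress.ip_address(src) in ip.network), None)
            verdict = f"not local, neighbour on {hit}" if hit else "not local"
        findings.append((name, src, verdict))
    return findings
```

On the sample, the tunnel source 10.92.0.2 is reported as a neighbour on the 10.92.0.0/29 segment rather than an address the router owns; changing it to the router's own 10.92.0.1, or to the interface name, returns "ok".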