Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tunnel int shows up up even as remote site is shutdown

Hi Everyone,

We have Tunnels running over internet between 2 sites.

One site has power shutdown so all devices are down there.

On site that is up  when i do sh ip int brief on router it shows all the tunnels going to other site as up up.

i did sh int  tu on it and it shows that

keepalive is not set.

So keepalive is the reason that int tu shows up up ?

Regards

MAhesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Tunnel int shows up up even as remote site is shutdown

HI Mahesh,

A GRE Tunnel will always be up but you can configure a keepalive to verify if it is a routing or any other problem.

Regards

Tunnel int shows up up even as remote site is shutdown

Hi,

In general it's true to say that a tunnel will appear as "protocol up" when the IP address used as the tunnel destination is in the routing table. It obviously also needs a valid source IP address.

Using keepalives on the tunnel is one option to have the tunnel state more truely reflect operational state, but there are a few restirctions on their use i.e., they're not supported when using IPSec profiles on the GRE tunnel.

It it probably worth taking a read of the GRE Tunnel Keepalives technical note which gives more details on how GRE tunnel keepalives work and some of the restrictions.

Regards

4 REPLIES
VIP Purple

Tunnel int shows up up even as remote site is shutdown

HI Mahesh,

A GRE Tunnel will always be up but you can configure a keepalive to verify if it is a routing or any other problem.

Regards

Tunnel int shows up up even as remote site is shutdown

Hi,

In general it's true to say that a tunnel will appear as "protocol up" when the IP address used as the tunnel destination is in the routing table. It obviously also needs a valid source IP address.

Using keepalives on the tunnel is one option to have the tunnel state more truely reflect operational state, but there are a few restirctions on their use i.e., they're not supported when using IPSec profiles on the GRE tunnel.

It it probably worth taking a read of the GRE Tunnel Keepalives technical note which gives more details on how GRE tunnel keepalives work and some of the restrictions.

Regards

New Member

Tunnel int shows up up even as remote site is shutdown

Many thanks Steve

Mahesh

Hall of Fame Super Silver

Tunnel int shows up up even as remote site is shutdown

Steve makes an interesting point about keepalives on a tunnel using IPSec with profiles. My experience with tunnels using IPSec with profiles is that if the crypto is not about to maintain the Security Associations then the tunnel liine protocol is down - so no need for keepalives on these tunnels.

HTH

Rick

162
Views
0
Helpful
4
Replies
CreatePlease login to create content