09-12-2008 10:31 AM - edited 03-06-2019 01:21 AM
I have a pretty normal two-site GRE tunnel that I want to set up:
site1: (10.1.0.0/24 LAN)
interface Tunnel0
 ip address 192.168.199.1 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0
 tunnel destination x.x.x.x
site2: (10.4.0.0/24 LAN)
interface Tunnel0
 ip address 192.168.199.2 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0
 tunnel destination y.y.y.y
The tunnel is up and I can PING either side's 192.168.199.x address from the other side.
So far, so good.
I have NO dynamic routing protocols running
But when I put in the static "ip route" statements, to get traffic from one LAN to another...
site1: (10.1.0.0/24 LAN)
ip route 10.4.0.0 255.255.255.0 192.168.199.2
site2: (10.4.0.0/24 LAN)
ip route 10.1.0.0 255.255.255.0 192.168.199.1
I get the dreaded "%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing"
error and the tunnel shuts down.
Any ideas on what I'm doing wrong?
Here's the "show ip route" output from site1:
Gateway of last resort is x.x.x.x to network 0.0.0.0
x.x.x.0/30 is subnetted, 1 subnets
C x.x.x.x is directly connected, FastEthernet0
192.168.199.0/30 is subnetted, 1 subnets
C 192.168.199.0 is directly connected, Tunnel0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.0.0 is directly connected, Vlan1
S 10.4.0.0 [1/0] via 192.168.199.2
S* 0.0.0.0/0 [1/0] via x.x.x.x
CalgaryRTR#
site2 "show ip route" is similar.
09-12-2008 11:36 AM
Hi,
The message "%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing" really means your tunnel destination address is reachable via the tunnel itself. Is your tunnel destination in the 10.1.0.0/24 and 10.4.0.0/24 network?
Normally, if you are using a dynamic routing protocol, you can use a distribute-list to block the tunnel destination address from being reached via the tunnel itself. It is a little bit tricky to do it with a static route. Can you provide a more detailed topology with all the networks?
HTH,
jerry
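An added example (not written by any poster in this thread): a simplified model of the lookup behind the RECURDOWN message, checking whether the tunnel destination resolves out of the tunnel itself. The function names are hypothetical, and 198.51.100.x / 203.0.113.2 are constructed stand-ins for the masked x.x.x.x and y.y.y.y addresses.

```python
import ipaddress

def resolve_exit(routes, dest, max_depth=8):
    """Longest-prefix match on dest, following next-hop addresses
    recursively. Returns the exit interface name, or None."""
    target = ipaddress.ip_address(dest)
    for _ in range(max_depth):
        matches = [r for r in routes if target in ipaddress.ip_network(r[0])]
        if not matches:
            return None
        _, via = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
        try:
            target = ipaddress.ip_address(via)  # next hop is an address: look it up
        except ValueError:
            return via                          # next hop is an interface name
    return None  # gave up: routes point at each other

def tunnel_is_recursive(routes, tunnel_if, tunnel_dest):
    """True when the tunnel's own destination is reached through the tunnel."""
    return resolve_exit(routes, tunnel_dest) == tunnel_if

# Constructed table mirroring site1's "show ip route" (prefix, next hop or interface).
SITE1_ROUTES = [
    ("198.51.100.0/30", "FastEthernet0"),   # connected WAN subnet
    ("192.168.199.0/30", "Tunnel0"),        # connected tunnel subnet
    ("10.1.0.0/24", "Vlan1"),               # connected LAN
    ("10.4.0.0/24", "192.168.199.2"),       # static route to the remote LAN
    ("0.0.0.0/0", "198.51.100.1"),          # default route to the ISP
]
TUNNEL_DEST = "203.0.113.2"

# Same table plus a route that covers the tunnel destination and points into the tunnel.
BAD_ROUTES = SITE1_ROUTES + [("203.0.113.0/24", "192.168.199.2")]

if __name__ == "__main__":
    for name, table in (("as posted", SITE1_ROUTES), ("with covering route", BAD_ROUTES)):
        print(name, "->", resolve_exit(table, TUNNEL_DEST),
              "recursive" if tunnel_is_recursive(table, "Tunnel0", TUNNEL_DEST) else "ok")
```

With the routes as posted, the tunnel destination leaves via FastEthernet0, so the static routes alone do not create the loop in this model.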
09-12-2008 11:42 AM
As Jerry stated, you are using the tunnel to reach 10.4.0.0/24 from Site2 and 10.1.0.0/24 from SiteA.
At the same time, you are using the source and destination for the tunnel by using the same subnets.
tunnel source FastEthernet0
tunnel destination y.y.y.y
If you want to correct this issue, you need to use a different subnet/interface as the source/destination tunnel.
How are these locations connected? Serial? If so, use the serial interface IP as the source and the remote serial IP as the destination.
HTH,
__
Edison.
Please rate helpful posts
09-12-2008 11:55 AM
OK, maybe I'm having the end-of-week brain problems, but I WANT my tunnel to go between my two WAN interfaces...FastEthernet0 is connected to the ISP on both routers
site1:
FastEthernet0 has IP of x.x.x.x
Vlan1 has IP of 10.1.0.1
site2:
FastEthernet0 has IP of y.y.y.y
Vlan1 has IP of 10.4.0.1
I don't understand why I WOULDN'T want my tunnel to be
interface Tunnel0
source FastEthernet0
destination x.x.x.x (or y.y.y.y the other router)
Sorry for the dumbness on my end...but I'm really trying to understand.
I'm using tunnels because my private LANs 10.1.0.x and 10.4.0.x aren't routable on the public Internet.
09-12-2008 12:14 PM
Can you modify your ip routes as follows:
ip route 10.1.0.0 255.255.255.0 tunnel0
ip route 10.4.0.0 255.255.255.0 tunnel0
and post back with results?
HTH,
__
Edison.
09-12-2008 12:20 PM
Actually, that's one of the many things that I tried before I started posting here.
Same results... the tunnel is up and both ends of the tunnel are PINGable from the other side, but as soon as I add an "ip route" statement, the tunnel goes down and I get the "recursive routing" error in the log.
09-12-2008 12:25 PM
Hi Thomas,
Can you remove keepalives from the tunnel and then add routes?
interface Tunnel0
no keepalive 10 3
09-12-2008 12:25 PM
Yes, I did that and I get the same results.
09-12-2008 12:37 PM
09-12-2008 12:46 PM
Thanks for your help. I'm going to call it a day and go home and have some tea. (perhaps with some Baileys added)
Probably on Monday, I'm going to do a "write erase" and try again with a fresh mind.
09-12-2008 01:03 PM
I'm an idiot! Yes, there was something else in the config that caused it to fail.
I turned on "debug ip routing" and "debug tunnel" and saw a message with an IP that shouldn't have been there and I found an "ip nat outside source static" statement from a previous trial config. I removed it and VOILA it works!
Sorry about that.
09-12-2008 01:07 PM
Like I stated before, there was something in the config that was causing it.
You could've saved a lot of time by posting the whole config.
Replacing public IPs with non-routable IPs to protect the security of your network while posting in these forums should not have taken you long - search and replace in notepad does wonders :)
Glad you found the problem and thanks for the post back and rating.
Regards,
Edison.
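An added example (not from the thread): one way to do the search-and-replace Edison describes, so that a whole config can be posted without exposing public addresses. The function name, the 203.0.113.0/24 stand-in pool and the sample config, including the arguments on the NAT line, are constructed for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def sanitize_config(text, pool="203.0.113.0/24"):
    """Replace every globally routable IPv4 address with a stand-in from
    `pool`. The same input address always maps to the same stand-in, so
    relationships between config lines stay visible to reviewers.
    Returns (sanitized_text, mapping)."""
    hosts = ipaddress.ip_network(pool).hosts()
    mapping = {}

    def swap(match):
        token = match.group(0)
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            return token              # not a valid address, leave untouched
        if not addr.is_global:
            return token              # RFC 1918 space, masks, 0.0.0.0 stay as-is
        if token not in mapping:
            mapping[token] = str(next(hosts))
        return mapping[token]

    return IPV4.sub(swap, text), mapping

# Constructed sample config; the public addresses are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 12.34.56.78 255.255.255.252
interface Tunnel0
 ip address 192.168.199.1 255.255.255.252
 tunnel source FastEthernet0
 tunnel destination 98.76.54.32
ip nat outside source static 98.76.54.32 10.1.0.50
ip route 0.0.0.0 0.0.0.0 12.34.56.77
ip route 10.4.0.0 255.255.255.0 192.168.199.2
"""

if __name__ == "__main__":
    cleaned, mapping = sanitize_config(SAMPLE_CONFIG)
    print(cleaned)
```

Keep the returned mapping private; it is what lets you translate replies back to your real addresses.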