Why? %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin

thomasdzubin
Level 1

I have a pretty normal two-site GRE tunnel that I want to set up

site1: (10.1.0.0/24 LAN)

interface Tunnel0
 ip address 192.168.199.1 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0
 tunnel destination x.x.x.x

site2: (10.4.0.0/24 LAN)

interface Tunnel0
 ip address 192.168.199.2 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0
 tunnel destination y.y.y.y

The tunnel is up and I can PING either side's 192.168.199.x address from the other side.

So far, so good.

I have NO dynamic routing protocols running

But when I put in the static "ip route" statements, to get traffic from one LAN to another...

site1: (10.1.0.0/24 LAN)

ip route 10.4.0.0 255.255.255.0 192.168.199.2

site2: (10.4.0.0/24 LAN)

ip route 10.1.0.0 255.255.255.0 192.168.199.1

I get the dreaded "%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing" error and the tunnel shuts down.

Any ideas on what I'm doing wrong?

Here's the "show ip route" output from site1:

Gateway of last resort is x.x.x.x to network 0.0.0.0

     x.x.x.0/30 is subnetted, 1 subnets
C       x.x.x.x is directly connected, FastEthernet0
     192.168.199.0/30 is subnetted, 1 subnets
C       192.168.199.0 is directly connected, Tunnel0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.0.0 is directly connected, Vlan1
S       10.4.0.0 [1/0] via 192.168.199.2
S*   0.0.0.0/0 [1/0] via x.x.x.x
CalgaryRTR#

site2 "show ip route" is similar.


Jerry Ye
Cisco Employee

Hi,

The message "%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing" really means your tunnel destination address is reachable via the tunnel itself. Is your tunnel destination in the 10.1.0.0/24 and 10.4.0.0/24 network?

Normally, if you are using a dynamic routing protocol, you can use a distribute-list to block the tunnel destination address from being reached via the tunnel itself. It is a little bit tricky to do it with static routes. Can you provide a more detailed topology with all the networks?

HTH,

jerry
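
Added example (not part of the original thread, and not Cisco's code): a small Python model of the condition described above, resolving the tunnel destination through a routing table by longest-prefix match and next-hop recursion to see whether it exits via the tunnel itself. The 203.0.113.x and 198.51.100.x addresses stand in for the redacted x.x.x.x / y.y.y.y values, both tables are constructed, and the function names are hypothetical.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the most specific route covering dst."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
               default=None)

def egress_interface(routes, dst, depth=0):
    """Follow next-hop recursion until a route names an outgoing interface."""
    route = lookup(routes, dst) if depth < 8 else None  # cap guards against loops
    if route is None:
        return None
    if "interface" in route:
        return route["interface"]
    return egress_interface(routes, route["next_hop"], depth + 1)

def tunnel_recurses(routes, tunnel, tunnel_destination):
    """True when the tunnel's own destination is routed out of that tunnel."""
    return egress_interface(routes, tunnel_destination) == tunnel

# Constructed addresses: 203.0.113.1 plays site1's FastEthernet0 (x.x.x.x),
# 198.51.100.10 plays the redacted tunnel destination.
TUNNEL_DST = "198.51.100.10"

# site1's table as posted: connected routes, one static LAN route, a default.
SITE1_AS_POSTED = [
    {"prefix": "203.0.113.0/30", "interface": "FastEthernet0"},
    {"prefix": "192.168.199.0/30", "interface": "Tunnel0"},
    {"prefix": "10.1.0.0/24", "interface": "Vlan1"},
    {"prefix": "10.4.0.0/24", "next_hop": "192.168.199.2"},
    {"prefix": "0.0.0.0/0", "next_hop": "203.0.113.2"},
]

# Constructed failure case: a more specific route now covers the tunnel
# destination and points it at the far end of the tunnel.
SITE1_RECURSIVE = SITE1_AS_POSTED + [
    {"prefix": "198.51.100.0/24", "next_hop": "192.168.199.2"},
]

if __name__ == "__main__":
    for name, table in (("as posted", SITE1_AS_POSTED),
                        ("recursive", SITE1_RECURSIVE)):
        print(name, "->", egress_interface(table, TUNNEL_DST),
              "recurses:", tunnel_recurses(table, "Tunnel0", TUNNEL_DST))
```

With the table as posted, the tunnel destination leaves via FastEthernet0; only the constructed extra route makes it resolve through Tunnel0.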

Edison Ortiz
Hall of Fame

As Jerry stated, you are using the tunnel to reach 10.4.0.0/24 from Site2 and 10.1.0.0/24 from SiteA.

At the same time, you are using the source and destination for the tunnel by using the same subnets.

 tunnel source FastEthernet0
 tunnel destination y.y.y.y

If you want to correct this issue, you need to use a different subnet/interface as the source/destination tunnel.

How are these locations connected? Serial? If so, use the serial interface IP as the source and the remote serial IP as the destination.

HTH,

__

Edison.

Please rate helpful posts

OK, maybe I'm having the end-of-week brain problems, but I WANT my tunnel to go between my two WAN interfaces...FastEthernet0 is connected to the ISP on both routers

site1:

FastEthernet0 has IP of x.x.x.x

Vlan1 has IP of 10.1.0.1

site2:

FastEthernet0 has IP of y.y.y.y

Vlan1 has IP of 10.4.0.1

I don't understand why I WOULDN'T want my tunnel to be

interface Tunnel0
 source FastEthernet0
 destination x.x.x.x (or y.y.y.y the other router)

Sorry for the dumbness on my end...but I'm really trying to understand.

I'm using tunnels because my private LANs 10.1.0.x and 10.4.0.x aren't routable on the public Internet.

Can you modify your ip routes as follows:

ip route 10.1.0.0 255.255.255.0 tunnel0
ip route 10.4.0.0 255.255.255.0 tunnel0

and post back with results?

HTH,

__

Edison.

Actually, that's one of the many things that I tried before I started posting here.

Same results... the tunnel is up and both ends of the tunnel are PINGable from the other side, but as soon as I add an "ip route" statement, the tunnel goes down and I get the "recursive routing" error in the log.

Hi Thomas,

Can you remove keepalives from the tunnel and then add routes?

interface Tunnel0
 no keepalive 10 3

Yes, I did that and I get the same results.

I can't duplicate your problem so I believe there is something wrong with the IOS you are running or there is a piece of the configuration that is missing.

I put a little lab together to emulate your environment and I'm attaching output commands for your perusal.

Thanks for your help. I'm going to call it a day and go home and have some tea. (perhaps with some Baileys added)

Probably on Monday, I'm going to do a "write erase" and try again with a fresh mind.

I'm an idiot! Yes, there was something else in the config that caused it to fail.

I turned on "debug ip routing" and "debug tunnel" and saw a message with an IP that shouldn't have been there and I found an "ip nat outside source static" statement from a previous trial config. I removed it and VOILA it works!

Sorry about that.

Like I stated before, there was something in the config that was causing it.

You could've saved a lot of time by posting the whole config.

Replacing public IPs with non-routable IPs to protect the security of your network while posting in these forums should not have taken you long - search and replace in notepad does wonders :)

Glad you found the problem and thanks for the post back and rating.

Regards,

Edison.
