10-28-2007 04:07 PM - edited 03-03-2019 05:29 AM
Hello everyone:
I have a problem with a simple GRE tunnel and cannot make it work. The problem lies in the instruction "tunnel source loopback-0": if I use this command it does not work, but if I use "tunnel source <ip wan>" it works. Can someone tell me why?
Thanks for your help
Router 1: 2811
version 12.4
no service password-encryption
!
hostname cisco2811
!
no aaa new-model
!
!
ip cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 10.10.1.1 255.255.255.0
tunnel source Loopback0
tunnel destination 217.127.XXX.188
!
interface Tunnel1
ip address 10.10.2.1 255.255.255.0
tunnel source Loopback0
tunnel destination 80.32.XXX.125
!
interface FastEthernet0/0
description LOCAL LAN Interface
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description WAN Interface
ip address 195.77.XXX.70 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.77.XXX.65
ip route 192.168.3.0 255.255.255.0 Tunnel0
ip route 192.168.4.0 255.255.255.0 Tunnel1
!
ip nat inside source route-map salida-fibra interface FastEthernet0/1 overload
!
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
!
route-map salida-fibra permit 10
match ip address 120
!
Router 2: 2811
version 12.4
service password-encryption
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
username admin privilege 15 password 7 104CXXXXx13
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Tunnel0
ip address 10.10.1.2 255.255.255.0
tunnel source Loopback0
tunnel destination 195.77.XXX.70
!
interface Ethernet0
ip address 192.168.3.251 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 217.127.XXX.188 255.255.255.192
ip nat outside
ip virtual-reassembly
no ip route-cache
no snmp trap link-status
pvc 8/32
encapsulation aal5snap
!
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.1.0 255.255.255.0 Tunnel0
ip nat inside source route-map nonat interface ATM0.1 overload
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 192.168.3.0 0.0.0.255 any
!
route-map nonat permit 10
match ip address 120
!
10-28-2007 04:31 PM
Hi,
The remote end doesn't know about your loopback address. Just use an address from a WAN interface instead.
10-28-2007 11:41 PM
Thanks for the answer, but I have a doubt, then I can not use in a loopback interface atm?
I changed router 2 as you said, but I cannot get it functioning ... Any ideas?
Before
Interface Tunnel0
Ip address 10.10.1.2 255.255.255.0
Tunnel source Loopback0
Tunnel destination 195.77.XXX.70
!
After
Interface Tunnel0
Ip address 10.10.1.2 255.255.255.0
Tunnel source 217.127.XXX.188
Tunnel destination 195.77.XXX.70
!
He also removed the interface loopback 0 in the router 2
10-29-2007 12:20 AM
Please verify the ip connectivity between the tunnel peers.
What is the state of your tunnel interfaces?
Can you post some output regarding tunnel state changes? Any recursive routing there?
One other remark: Routing is applied before NAT and as you are not traversing a nat-outside interface but a tunnel interface instead, the route map is not needed in this config to avoid natting the tunnel traffic.
regards,
Leo
10-29-2007 01:08 AM
Hello, thank you for the answer. As to your question, I have no connectivity within the tunnel: if I ping 10.10.1.2 from Router 1, I do not get a response ...
Now both routers remove the loopback, and the interface tunnel 0 change the tunnel source to "tunnel source
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.10.1.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 2.2.2.2 (Loopback0), destination 217.127.XXX.188
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 09:04:38, output 00:00:19, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
11101 packets output, 773420 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
10-29-2007 01:27 AM
The tunnel will only work when the peer interfaces are reachable.
There is nothing against using loopback interfaces but you need to accommodate for this in your ip plan. Using something like 2.2.2.2 is therefore not correct unless you had registered this range. Otherwise, the Internet will not route this address back to you. (as already stated by p.bevilacqua)
The reason why a loopback is often used for this is that a loopback is independent of the physical state of an interface. In other words: it never goes down due to a link failure.
regards,
Leo
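Added example, not part of any post in this thread: a small Python check for the mismatch discussed above, where each router sources the tunnel from a loopback while its peer sends to the WAN address. The two configs are constructed from the ones posted, with 198.51.100.70 and 203.0.113.188 as assumed stand-ins for the redacted WAN addresses; `parse`, `endpoints` and `mismatches` are hypothetical helper names.

```python
import re

# Constructed configs modelled on the thread. 198.51.100.70 and 203.0.113.188
# are assumed stand-ins for the redacted WAN addresses of Router 1 and Router 2.
R1 = """\
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 203.0.113.188
interface FastEthernet0/1
 ip address 198.51.100.70 255.255.255.248
"""
R2 = """\
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 198.51.100.70
interface ATM0.1 point-to-point
 ip address 203.0.113.188 255.255.255.192
"""

def parse(cfg):
    """Map interface name -> {"address" | "source" | "destination": value}."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        head = re.match(r"interface (\S+)", line)
        attr = re.match(r"\s+(?:ip|tunnel) (address|source|destination) (\S+)", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {})
        elif attr and cur is not None:
            cur[attr.group(1)] = attr.group(2)
    return ifaces

def endpoints(cfg):
    """Resolve each tunnel to (name, source IP, destination IP)."""
    ifaces, out = parse(cfg), []
    for name, i in ifaces.items():
        if "destination" in i and "source" in i:
            # A source given as an interface name is replaced by that interface's IP.
            src = ifaces.get(i["source"], {}).get("address", i["source"])
            out.append((name, src, i["destination"]))
    return out

def mismatches(local, peer):
    """Local tunnels whose (source, destination) no peer tunnel mirrors."""
    mirrored = {(dst, src) for _, src, dst in endpoints(peer)}
    return [t for t in endpoints(local) if (t[1], t[2]) not in mirrored]
```

`mismatches(R1, R2)` reports Tunnel0 sourced from 2.2.2.2, an address Router 2 never uses as its tunnel destination; with the source changed to the WAN interface on both sides the list is empty.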
10-29-2007 01:55 AM
Thank you, now if I understood, the loopback.