My service provider has recently made some configuration changes within their network [to change route from them to backbone network] - following this ... my WinNT desktop to corporate VPN is failing.
I have traced frames at my end - and I can see that the first steps to the connection are made ... but the first back with GRE is returned almost immediately (ICMP destination unreachable). I guess that this is because GRE (protocol 47) is not enabled to pass through.
Given that this worked one week ago ... can someone tell me the commands I should ask the netowrk operator to run on their 7200 to determine if GRE is being blocked (I have scoured the web and guess that it is to do with Access Lists - but I have no access to CISCO documentation).
Is GRE blocked by default?
Is it possible that the old Access List enabled GRE to old network provider link and now that they have chage network provider ... they have lost the Permit GRE to the ISP address.
[the ICMP comes back in 0.0026 seconds - which is same time as PING to the 7200 and too fast for response from next downstream router at backbone ISP (0.005)
Re: Cisco 7200 and blocked client initiated (MS) VPN
The SP can ping my end point - a W2K server [I can ping and tracert through the 7200 to that end-point without problem].
A question though ... [SP not very responsive] ... I may have misunderstood, but is using Tunnel making a specific route available for this traffic rather than a generic config that allows GRE to get through? [this was working previously when my SP did not know my end-point details and would not have set up a specific targetted end-point]
Is it possible that the 7200 decides not to push the GRE through because it knows that my source address is NAT'd?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :