04-09-2006 10:41 PM - edited 02-21-2020 02:21 PM
I now have a FR network connecting a central site and many remote sites. Later I have a VPDN network from the provider, and I wish them to become the backups for the FRs.
For the VPN, the central site connects to the provider with 10M, and remote sites connect by ADSL modem, which will get one private fixed IP (like 192.168.1.1) each time. The provider has set up the VPN for me, and remote sites can connect to the central site and can't access the internet, which is restricted by our policy. But the central site can't access remote sites, since IPs within the remote site's LAN are all NATed on the ADSL modem. This means the VPN is a clients-to-site VPN. But I wish to create a site-to-site VPN, since we have an application requiring central-to-remote access. So I wished to create the site-to-site by GRE tunnel without IPsec. This should be a multipoint GRE tunnel with hub and spokes. The spokes don't need to access each other, and only need to access the central site.
Is NHRP needed here? Can you help me with your sound GRE without IPsec experience?
04-09-2006 11:29 PM
Hello,
You can use DMVPN with dynamic routing across the GRE tunnels. Have a look at "Dynamic Multipoint VPN (DMVPN)"
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455c71.html
or "Understanding GRE with DMVPN"
Hope this helps! Please rate all posts.
Regards, Martin
04-10-2006 05:41 PM
Thanks mheusinger. This GRE is built over IPsec, but in my scenario I don't think IPsec is necessary because ADSL gets a fixed private IP and the central router's IP connecting to the provider is also a private IP.
I am still confused.
04-10-2006 09:45 PM
The issue here seems to be that the ADSL is doing NAT for the remote's LAN IPs, so you have a problem for hub-to-spoke initiated traffic (from your original question).
This will remain an issue no matter what VPN technology you use (DMVPN, pt-pt GRE, site-to-site IPsec, EzVPN etc.).
Either you need to remove the NAT, or can you do static NAT on the ADSL router?
-Sunil.
04-11-2006 01:16 AM
Thanks first.
I tested a point-to-point tunnel now. At the remote site I use a Cisco 1841 behind the ADSL modem. The 1841's F0/0 connecting to the modem gets 192.168.104.1 with a default gateway of 196.168.150.1.
I set up the tunnel on the remote and central sites with tunnel source and destination of each other.
On the remote site:
int tunnel0
ip mtu 1492
tunnel source 192.168.104.1---(i also tried dialer1)
tunnel destination 10.10.12.5---(central site IP)
tunnel mode gre ip
ip route 0.0.0.0 0.0.0.0 dialer1
In the "show ip route", two dialer1 entries are displayed: 192.168.104.85 and 196.168.150.1.
10.200.200.0 appears and disappears every several seconds.
The problem is that the tunnel0 interface's line protocol goes up and down every several seconds (this should be the cause of 10.200.200.0 appearing and disappearing).
This really confuses me. Who can help me?
04-12-2006 06:26 PM
No reply? This is a really interesting thing to do, hope you all can help.
04-13-2006 03:38 AM
Hello,
Do you have dynamic routing enabled over the GRE tunnel? If so, make sure that the tunnel destination is not learned through the tunnel. This would be considered recursive routing and leads to tunnel down. Then your default route would kick in and the tunnel would come up again. This would fit the observed continuous flapping.
Hope this helps! Please rate all posts.
Regards, Martin
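The recursive-routing condition described in the reply above, as an added example that is not part of the original post: a longest-prefix-match check of whether the tunnel destination resolves through the tunnel itself. The addresses 10.10.12.5 and 10.200.200.0/24 and the default route via Dialer1 come from the thread; the learned 10.10.12.0/24 route, the /32 host route and all function names are constructed for illustration, and administrative distance is not modelled.

```python
import ipaddress

def resolve(dest, routes):
    """Longest-prefix match: return (network, egress_interface) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best

def tunnel_is_recursive(tunnel_if, tunnel_dest, routes):
    """True when the best route to the tunnel destination points into the tunnel."""
    match = resolve(tunnel_dest, routes)
    return match is not None and match[1] == tunnel_if

# Spoke table as described in the thread: static default via Dialer1 plus the
# connected tunnel subnet on Tunnel0.
STATIC_ONLY = [
    ("0.0.0.0/0", "Dialer1"),
    ("10.200.200.0/24", "Tunnel0"),
]

# Constructed: a routing protocol over the tunnel installs a more specific
# route that covers the tunnel destination 10.10.12.5.
WITH_LEARNED_ROUTE = STATIC_ONLY + [("10.10.12.0/24", "Tunnel0")]

# Constructed remedy: a host route pins the tunnel destination to the
# physical path, so it always beats anything learned through the tunnel.
PINNED = WITH_LEARNED_ROUTE + [("10.10.12.5/32", "Dialer1")]

def report(name, routes, tunnel_if="Tunnel0", tunnel_dest="10.10.12.5"):
    """One-line summary of how the tunnel destination is reached."""
    net, egress = resolve(tunnel_dest, routes)
    recursive = tunnel_is_recursive(tunnel_if, tunnel_dest, routes)
    state = "RECURSIVE" if recursive else "ok"
    return f"{name}: {tunnel_dest} via {net} -> {egress} [{state}]"

if __name__ == "__main__":
    for name, table in (("static only", STATIC_ONLY),
                        ("learned route", WITH_LEARNED_ROUTE),
                        ("pinned host route", PINNED)):
        print(report(name, table))
```

With only the static default route from the thread the check reports no recursion, which matches the poster's later statement that dynamic routing was not enabled.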
04-16-2006 06:13 PM
I didn't enable dynamic routing on the remote router since I just wish to get it done first from "static routing". The destination addresses are static, and the tunnel addresses are 10.200.200.1 and 10.200.200.2 respectively.
I wish to start from point-to-point, then dynamic routing, then multipoint. Long way to go yet. I didn't find the usage of GRE tunnels in a scenario like mine.
04-19-2006 12:25 AM
Something strange happens.
The tunnel interface on the remote site router goes from up to down every 20 seconds, and from down to up every 10 seconds, just as if configured to act like that. Below is the config on the remote site router.
Can anybody help?
hostname C1800
!
!
logging buffered 51200 warnings
enable secret xxxx
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
vpdn enable
vpdn ip udp ignore checksum
vpdn-group pppoe
request-dialin
protocol pppoe
username xxx privilege 15 secret xxxx
!
interface Tunnel0
ip address 10.200.200.2 255.255.255.0
no ip redirects
ip mtu 1492
tunnel source 192.168.104.85
tunnel destination 10.10.12.5
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 172.168.x.x.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxx password 0 xxxx
!
no ip classless
ip route 0.0.0.0 0.x.x.x.x.150.1
!
access-list 1 permit any
dialer-list 1 protocol ip permit
*Apr 19 07:51:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Apr 19 07:51:45.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Apr 19 07:52:05.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Apr 19 07:52:15.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Apr 19 07:52:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Apr 19 07:52:45.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Apr 19 07:53:05.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
04-20-2006 07:56 PM
After posting this you seem to have started a new thread discussing this problem using the title:
site-to-site by GRE tunnel with ADSL
and at this URL:
There have been several discussions and a couple of suggested solutions in that thread. I suggest that all further discussion be consolidated in that thread.
HTH
Rick