Hi! I want to configure a tunnel between a 871w (R1) and a 871 (R2).
R1 = 22.214.171.124, R2 = 126.96.36.199, these are public IPs.
R1 has no private network (yet), but R2 has a 10.0.0.40/29 on the inside. I like to establish a tunnel between R1 and R2 with the address of 10.0.0.64/30, and a dynamic routing protocol for learning all routes of the 10.x network. (dynamic, because at the end there will be 5 routers, with 10.x networks behind them...)
Currently, the config on R1 looks like:
ip unnumbered Loopback1014
tunnel source FastEthernet4
tunnel destination 188.8.131.52
ip address 10.0.0.85 255.255.255.255
ip address 10.0.0.65 255.255.255.252
router eigrp 1
network 10.0.0.64 0.0.0.3
network 10.0.0.85 0.0.0.0
ip route 192.168.0.0 255.255.255.0 Vlan10 permanent
ip route 0.0.0.0 0.0.0.0 dhcp
access-list 101 permit gre host 184.108.40.206 host 220.127.116.11
ip access-group 101 in
(these should be all relevant config).
Of course, the other site is reverse... :-)
The tunnel is up, but I can't get a ping to 10.0.0.41 (which is fa0 in the remote router), I think this is because of the recursive routing...
Can somone give me a detailed config of how to get rid of this recursive routing problem? I tried "O'reilly Cisco Cookbook" recipe 12.3, but couldn't get it working...
You can change the ACL101 for permit esp any any and permit gre any any. Anyone can't pass gre traffic if you haven't create a VPN connection with it. If it's a security concern, you can had sonme security to you tunnel interface (ex.: Tunnel key).
But for troubleshooting you better remove your ACL.
You can add also the "tunnel mode gre" into your tunnel interface.
Does your IPSec SA is working fine ?
Does you receiving routing update ?
Which dynamic routing protocol are you using ?
Can you add a static route that simulate you dynamic routing proto to see if is a routing issue.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :