New Member

Help with configuring a tunnel...

Hi! I want to configure a tunnel between a 871w (R1) and a 871 (R2).

R1 = 80.108.1.1, R2 = 80.109.2.2, these are public IPs.

R1 has no private network (yet), but R2 has a 10.0.0.40/29 on the inside. I'd like to establish a tunnel between R1 and R2 with the address of 10.0.0.64/30, and a dynamic routing protocol for learning all routes of the 10.x network. (dynamic, because at the end there will be 5 routers, with 10.x networks behind them...)

Currently, the config on R1 looks like:

interface Tunnel1014
 ip unnumbered Loopback1014
 tunnel source FastEthernet4
 tunnel destination 80.109.2.2
 tunnel sequence-datagrams
 tunnel checksum
!
interface Loopback10
 ip address 10.0.0.85 255.255.255.255
!
interface Loopback1014
 ip address 10.0.0.65 255.255.255.252
!
router eigrp 1
 network 10.0.0.64 0.0.0.3
 network 10.0.0.85 0.0.0.0
 no auto-summary
!
ip route 192.168.0.0 255.255.255.0 Vlan10 permanent
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 101 permit gre host 80.109.2.2 host 80.108.1.1
!
interface FastEthernet4
 ip access-group 101 in

(these should be all relevant config).

Of course, the other site is reverse... :-)

The tunnel is up, but I can't get a ping to 10.0.0.41 (which is fa0 in the remote router), I think this is because of the recursive routing...

Can someone give me a detailed config of how to get rid of this recursive routing problem? I tried "O'Reilly Cisco Cookbook" recipe 12.3, but couldn't get it working...

Thanx in advance!

1 REPLY
New Member

Re: Help with configuring a tunnel...

First of all:

You can change ACL 101 to permit esp any any and permit gre any any. No one can pass GRE traffic if you haven't created a VPN connection with them. If it's a security concern, you can add some security to your tunnel interface (e.g. tunnel key).

But for troubleshooting you had better remove your ACL.

You can also add "tunnel mode gre" to your tunnel interface.

Is your IPSec SA working fine?

Are you receiving routing updates?

Which dynamic routing protocol are you using?

Can you add a static route that simulates your dynamic routing protocol, to see if it is a routing issue?

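An added example, not from either poster: a Python model of the recursive routing condition the question asks about, where the best route to the tunnel destination resolves through the tunnel itself. The routing tables, the 80.108.1.254 gateway and the /24 masks are constructed assumptions; the second table adds a host route for the peer through the WAN side, the usual way to keep the GRE endpoint out of the tunnel.

```python
import ipaddress

# Constructed routing tables (assumptions, not output from the poster's routers).
# Each entry: (prefix, next-hop IP or None, outgoing interface or None).
RIB_LOOPING = [
    ("0.0.0.0/0", "80.108.1.254", None),        # default route, assumed ISP gateway
    ("80.108.1.0/24", None, "FastEthernet4"),   # connected WAN, assumed mask
    ("10.0.0.64/30", None, "Tunnel1014"),       # tunnel subnet
    ("80.109.2.0/24", "10.0.0.66", None),       # dynamic route learned over the tunnel
]
# Same table plus a host route that pins the peer's public IP to the WAN gateway.
RIB_PINNED = RIB_LOOPING + [("80.109.2.2/32", "80.108.1.254", None)]


def lookup(rib, dest):
    """Longest-prefix match: return the most specific entry covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop, iface in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def egress_interface(rib, dest, max_depth=8):
    """Resolve next hops recursively until a route names an interface."""
    for _ in range(max_depth):
        hit = lookup(rib, dest)
        if hit is None:
            return None          # no route at all
        _, next_hop, iface = hit
        if iface:
            return iface
        dest = next_hop          # resolve the next hop in turn
    return None                  # gave up: next hops never reach an interface


def tunnel_is_recursive(rib, tunnel_if, tunnel_dest):
    """True when the GRE endpoint itself would be reached through the tunnel."""
    return egress_interface(rib, tunnel_dest) == tunnel_if


if __name__ == "__main__":
    for name, rib in (("looping", RIB_LOOPING), ("pinned", RIB_PINNED)):
        print(name, egress_interface(rib, "80.109.2.2"),
              tunnel_is_recursive(rib, "Tunnel1014", "80.109.2.2"))
```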