Cisco Support Community
New Member

ICMP/GRE

I have found that in our GRE DSL environment, client workstations cannot perform a ping or a traceroute from their DOS prompts to internal Domain controller servers going over a GRE tunnel. The resources are available to them, however they cannot run the ping. Clients receive an "unresponsive" message. I have verified that there are no ACLs blocking the ICMP request. Wanted to know if anyone else out there may be experiencing this. Thanks.

4 REPLIES
Hall of Fame Super Gold

Re: ICMP/GRE

Mark

I have not seen that symptom before. Are there access lists applied on the GRE tunnel interfaces? If so could you post them?

HTH

Rick

New Member

Re: ICMP/GRE

Rick,

There is an extended ACL on the host side of the connect for the tunnel. It is one line item that permits traffic between the DMZ address and the external peer address.

At the remote device we don't have any ACLs on the tunnel that block ICMP currently.

Hall of Fame Super Gold

Re: ICMP/GRE

Mark

OK, let's try a slightly different approach. First, can you confirm that other end stations are able to ping and traceroute to the Domain controller (verify that the Domain controller is not rejecting the traffic)?

Second, if an end station does a traceroute, how far do you see the responses going?

HTH

Rick

New Member

Re: ICMP/GRE

Rick,

I have confirmed that other end stations in the same Service Center where the GRE tunnel is implemented all have the same problem. On the traceroute the path goes to the peer address of the other end of the tunnel, that being the host VPN router back at Corp, and then it drops off. That output is straight off of the client cmd prompt. When I test from my local LAN connection on my machine outside of any GRE VPN tunnel configuration I can ping the DC just fine. I think this may have something to do with the encapsulation going through the VPN tunnel, what do you think?
