Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
5
Replies

Ping Server through GRE Tunnel

egerritsen
Level 1
Level 1

‎12-04-2002 08:22 AM - edited ‎03-09-2019 01:17 AM

Hello,

I have the following problem with a GRE tunnel between two locations over SDSL. One end is an 2651 (HQ) and the other end is an 1751.

Both the routers have an SDSL wic. The tunnel is established and when i do show ip route i see that the routers learned their routes with eigrp.

I can ping from router to router. But i can't ping from the 1751 to the Terminal server on the HQ location. The routes on the Terminal servers are correct.

I can not also ping from my laptop on the location of the 1751 to the router on the HQ location (2651).

I have tested this in a lab enverinment and that was working fine, the only difference is that the sdsl wic's were changed for ethernet wics.

I also have a case for this but the respnse is very slow. The TAC engineer asked me to change the MTU size and i did this follwing a Microsoft and Cisco document on my laptop , but this was not a solution.

Edwin Gerritsen

Labels:
0 Helpful
5 Replies 5

ndoshi
Cisco Employee
Cisco Employee

‎12-04-2002 09:59 PM

without having detail config , network topologu etc it is difficult to say .

a) have you tried debug command , when you do ping rung debug ip icmp packet and see how far request is going and if you are getting any reply ?

b) Traceroute will help

c) do you have route for all the server subnet ? What's default gateway on server ?

0 Helpful

egerritsen
Level 1
Level 1
In response to ndoshi

‎12-05-2002 05:03 AM

I tried the debug icmp command but i don't get an receive.

Traceroute get an receive from the tunnel ip address of the router where i started the ping and then the packets are lossed.

I've static routes on the server and default gateway.

I can sent the network visio drawing if you are interested.

0 Helpful

cyril
Level 1
Level 1

‎12-05-2002 05:24 AM

I would suggest the following:-)

1) On the HQ add redis static/connected on the eigrp so the LAN section is ejected.

2) Manually [for test purposes] add static route entry on the server to the HQ route

3) Traceroute from 1751 to the server behind 2625. You should see just two hops, b/cos a tunnel shows end-to-end point, so one hop on the HQ another is the final i.e the server.

4)term mon and deb ip ic (to see the return route) I believe the icmp reply is using another address which you do no have a route back on the 1751 router.

Let me know if this helps

Many thanks

0 Helpful

ddelchev
Level 1
Level 1
In response to cyril

‎12-05-2002 04:06 PM

What IOS versions you use? Do you have 802.1q on the Ethernet interfaces? If so, probably you are running in one of the typical IOS IPSec bugs. Please, stop CEF and fast route on the both of the Tunnel interfaces. For security just set "no ip route-cache". If that do not help, please give me your show techs. If it helps, it will be better to upgrade to the latest 12.2.* code (DO NOT USE *T or *.X? images or you'll be sorry!)

0 Helpful

egerritsen
Level 1
Level 1
In response to ddelchev

‎12-09-2002 03:29 AM

The problem is solved, thanks to Andrew Yourtchenko of Cisco TAC.

I've misconfigured the VPN.

I have followed an example with Loopback adapters, but in my situation i don't need the loopbak adapters and need to confige the wan ip address of the remote router instead of the loopback address of the remote router.

Thanks for everyone who helped me with this problem

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents