I have the following problem with a GRE tunnel between two locations over SDSL. One end is an 2651 (HQ) and the other end is an 1751.
Both the routers have an SDSL wic. The tunnel is established and when i do show ip route i see that the routers learned their routes with eigrp.
I can ping from router to router. But i can't ping from the 1751 to the Terminal server on the HQ location. The routes on the Terminal servers are correct.
I can not also ping from my laptop on the location of the 1751 to the router on the HQ location (2651).
I have tested this in a lab enverinment and that was working fine, the only difference is that the sdsl wic's were changed for ethernet wics.
I also have a case for this but the respnse is very slow. The TAC engineer asked me to change the MTU size and i did this follwing a Microsoft and Cisco document on my laptop , but this was not a solution.
What IOS versions you use? Do you have 802.1q on the Ethernet interfaces? If so, probably you are running in one of the typical IOS IPSec bugs. Please, stop CEF and fast route on the both of the Tunnel interfaces. For security just set "no ip route-cache". If that do not help, please give me your show techs. If it helps, it will be better to upgrade to the latest 12.2.* code (DO NOT USE *T or *.X? images or you'll be sorry!)
The problem is solved, thanks to Andrew Yourtchenko of Cisco TAC.
I've misconfigured the VPN.
I have followed an example with Loopback adapters, but in my situation i don't need the loopbak adapters and need to confige the wan ip address of the remote router instead of the loopback address of the remote router.
Thanks for everyone who helped me with this problem
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :