Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

cannot ping destination GRE tunnel ip but eigrp can learn the tunnel

Hi Forum,

I am building a GRE tunnel from my core switch through ASA firewall to destination site core switch:

switchA <> ASA1 (Internet) ASA2 <> switchB

I can ping the destination tunnel interface address, but i can't ping the tunnel destination. when i show ip eigrp top, i can see these:

P 10.2.2.0/24, 1 successors, FD is 1805568

via 172.16.160.1 (1805568/1805312), Vlan1

via 192.168.5.10 (14605312/1805312), Tunnel0

P 10.2.3.0/24, 1 successors, FD is 1805568

via 172.16.160.1 (1805568/1805312), Vlan1

via 192.168.5.10 (14605312/1805312), Tunnel0

show crypto ipsec sa, i can see this:

local ident (addr/mask/prot/port): (192.168.123.0/255.255.255.240/0/0)

remote ident (addr/mask/prot/port): (192.168.62.0/255.255.255.240/0/0)

current_peer: x.x.x.x

#pkts encaps: 175, #pkts encrypt: 175, #pkts digest: 175

#pkts decaps: 340, #pkts decrypt: 340, #pkts verify: 340

Is that ok?

Thank you,

paul

3 REPLIES
Silver

Re: cannot ping destination GRE tunnel ip but eigrp can learn th

New Member

Re: cannot ping destination GRE tunnel ip but eigrp can learn th

Hi ebreniz,

Thank you very much.

I have just tested the gre tunnel, it does work. i did a ip route of the tunnel destination to the firewall internal interface, i am not sure that could be the reason why i can't ping the tunnel destination or not.

but strange though it works?

Thank you,

paul

New Member

Re: cannot ping destination GRE tunnel ip but eigrp can learn th

I have the same setup, different config I am sure and am having a similar problem. EIGRP is flowing and updating all the routing tables. I can ping interfaces on switches end-to-end through the GRE tunnel that flows through the ASA's IPSEC tunnel. But I cannot ping computers between the two locations. It appears that the switch on one end is ignoring the ping requests.

Any ideas would be appreciated.

J

794
Views
0
Helpful
3
Replies