Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multicast over GRE IPsec VPN Tunnel, Interface reset

Try to setup multicast over a GRE/IPsec point-to-point tunnel between two Cisco 1811. After enable interface Tunnel multicast, the interface was up for about 1 minutes, then can not be accessed at all, I had to reload to get the interface accessable, at the same time console shown the following error:

*Feb 22 22:00:06 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is down: Interface Goodbye received
*Feb 22 22:00:11 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is up: new adjacency
*Feb 22 22:01:27 CST: %SEC-6-IPACCESSLOGDP: list 104 denied icmp 76.204.172.33 -> 76.204.172.33 (8/0), 9 packets
*Feb 22 22:01:31 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is down: retry limit exceeded
*Feb 22 22:01:35 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is up: new adjacency
*Feb 22 22:02:55 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is down: retry limit exceeded
*Feb 22 22:02:58 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.6.14 (Tunnel0) is up: new adjacency

Even when Tunnel is up, multicast was not routed, test Tunnel got the following message:

A Ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to other end VPN device is failing. This may happen if there is a lesser MTU network which drops 'Do not Fragment' packets.

Recommended Actions:

1) Contact your ISP ......

2) Issue command 'crypto ipsec df-bit clear' under VPN interface to avoid packet drop due to fragmentation.

For config, Tunnel0 is "ip pim dense-mode', Fa1 (to multicast source) is "ip pim dense-mode", global configuration "ip multicast-routing".

I am wondering if my multicast configuration is wrong for multicast over GRE IPsec Tunnel, or GRE IPsec Tunnel configuration has problem, for example its MTU setting is incorrect, or 1811 is too small for this kind of routing?

Many thanks,

Michael

Everyone's tags (4)
2190
Views
0
Helpful
0
Replies