Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
0
Helpful
2
Replies

multiple gre tunnels issue

bencytharakan
Level 1
Level 1

‎12-10-2009 02:02 PM

HI,

  I am having two sites, site A connected to 2 ISP's and site B connected to 2 ISP. I want to run a site-to-site GRE VPN across the sites and want to use both ISP so that they run as backup site-to-site VPN  to each other. Is this possible ? Somehow this setup is not working, I am using a cisco 2600 on site A and cisco 2800 series on site B.

On each router there will be four tunnels

interface Tunnel1

ip address 192.168.5.1 255.255.255.252

ip mtu 1300

keepalive 10 3

tunnel source 173.X.X.X

tunnel destination 203.X.X.X

!

interface Tunnel2

ip address 192.168.6.1 255.255.255.252

ip mtu 1300

keepalive 10 3

tunnel source 69.X.X.X

tunnel destination 203.X.X.X

!

interface Tunnel3

ip address 192.168.7.1 255.255.255.252

ip mtu 1300

ip tcp adjust-mss 1436

keepalive 10 3

tunnel source 173.X.X.X

tunnel destination 124.X.X.X

!

interface Tunnel4

ip address 192.168.8.1 255.255.255.252

ip mtu 1300

keepalive 10 3

tunnel source 69.X.X.X

tunnel destination 124.X.X.X

!

Regards

Bency

Labels:
0 Helpful
2 Replies 2

bapatsubodh
Level 1
Level 1

‎12-10-2009 02:12 PM

hi,

What I understand from the configuration is that you have configured GRE tunnels on the WAN IP address of the routers.

Direct the traffic to tunnel for destination subnet with higher administrative distance.

That is on Location A

ip route Subnet_B / Mask Tunnel_to_Location_B Admin_distance.

You may use route-maps and attach this route-map in incoming ethernet interface and and send the traffic to tunnel this is also another option.

Try both  options.

It is very comman to have GRE vpn as back up to point-to-point link.

hope this helps.

Rate if it helps

Subodh

0 Helpful

bencytharakan
Level 1
Level 1
In response to bapatsubodh

‎12-10-2009 02:27 PM

Hi Subodh,

Thanks for the reply.

The issue I am facing is that the tunnels are acting wierd, sometimes i am able to ping from tunnel2,3,4 and not from tunnel1, when i tried giving a reboot to my cisco at site A i am able to ping from tunnel1 and not from rest of the tunnels.

Tunnel1                   192.168.5.1     YES NVRAM  up                    up
Tunnel2                   192.168.6.1     YES NVRAM  up                    down
Tunnel3                   192.168.7.1     YES NVRAM  up                    down
Tunnel4                   192.168.8.1     YES NVRAM  up                    down

Can you let me know how to debug the gre traffic, how can i check the tunnel traffic is taking the proper source ip address ?

Regards

Bency

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents