Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
4
Replies

Tunnel issue

agumeniuc
Level 1
Level 1

‎10-28-2014 01:31 AM

Hello Everyone,

 

I have a problem setting up GRE tunnel ( w/o any encryption) between Cisco 2611 and 2621. IOS version is the same c2600-ik9o3s3-mz.123-26.bin.

The problem is that after configuring both devices I can not ping 2611 from 2621 over tunnel. I added a rule on 2611 WAN interface, so I could see incoming GRE packets. During the ping process I do NOT see any matches on this rule. But as soon as I ping 2621 from 2611, 2621 can ping 2611 as well and I see matches on this rule.

The same thing happens with IPSEC tunnel, but first I would like to resolve issue with GRE as I think the have the same roots.

Can you please advice how I can resolve this issue ?

 

Thank you

Regards,

Alex

Labels:
0 Helpful
4 Replies 4

johnlloyd_13
Level 9
Level 9

‎10-28-2014 11:13 PM

hi,

please post sanitized config from your 2611 and 2621 to further analyze.

0 Helpful

burleyman
Level 8
Level 8
In response to johnlloyd_13

‎10-29-2014 08:28 AM

Alex,

Your config should look something like this. I think you might be missing the routes.

 

R2621(config)# interface Tunnel1

R2621(config-if)# ip address 10.10.10.1 255.255.255.0 <--- You can make this what ever private IP address you want that is not used in your network

R2621(config-if)# ip mtu 1400 <--- This sets the MTU

R2621(config-if)# ip tcp adjust-mss 1360 <--- This will help with not fragmenting the packets

R2621(config-if)# tunnel source 1.1.1.1 <--- Public IP address goes here

R2621(config-if)# tunnel destination 2.2.2.2 <--- Public IP address goes here

R2621(config-if)#exit

R2621(config)# ip route XXX.XXX.XXX.0 255.255.255.0 10.10.10.2 <--- replace xxx.xxx.xxx.xxx with the network on the 2611 side

*********************************************************

R2611(config)# interface Tunnel1

R2611(config-if)# ip address 10.10.10.2 255.255.255.0 <--- You can make this what ever private IP address you want that is not used in your network

R2611(config-if)# ip mtu 1400

R2611(config-if)# ip tcp adjust-mss 1360

R2611(config-if)# tunnel source 2.2.2.2 <--- Public IP address goes here

R2611(config-if)# tunnel destination 1.1.1.1 <--- Public IP address goes here

R2611(config-if)#exit

R2611(config)# ip route XXX.XXX.XXX.0 255.255.255.0 10.10.10.1 <--- replace xxx.xxx.xxx.xxx with the network on the 2611 side

 

 

Hope this helps,

 

Mike

0 Helpful

Marius Gunnerud
VIP
VIP
In response to burleyman

‎10-30-2014 02:08 AM

Try changing the route command to the following:

ip route XXX.XXX.XXX.0 255.255.255.0 Tunnel1

Then test and let us know how it goes.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎10-30-2014 02:17 AM

I can not ping 2611 from 2621 over tunnel

When you say this, do you mean you can not ping 10.10.10.2 from R2621 and can not ping 10.10.10.1 from R2611?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents