Hi John,Here are interface

agumeniuc · ‎10-28-2014

Hello Everyone,

I have a problem setting up GRE tunnel ( w/o any encryption) between Cisco 2611 and 2621. IOS version is the same c2600-ik9o3s3-mz.123-26.bin.

The problem is that after configuring both devices I can not ping 2611 from 2621 over tunnel. I added a rule on 2611 WAN interface, so I could see incoming GRE packets. During the ping process I do NOT see any matches on this rule. But as soon as I ping 2621 from 2611, 2621 can ping 2611 as well and I see matches on this rule.

The same thing happens with IPSEC tunnel, but first I would like to resolve issue with GRE as I think the have the same roots.

Can you please advice how I can resolve this issue ?

Thank you

Regards,

Alex

John Blakley · ‎10-28-2014

Can you post your tunnel interface configs from both routers and any routing protocols or static routes that you have?

HTH,

John

HTH, John *** Please rate all useful posts ***

agumeniuc · ‎10-28-2014

Hi John,

Here are interface configs

2621:

interface Tunnel1
ip address 10.0.0.6 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
end

2611:

interface Tunnel0
ip address 10.0.0.5 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
end

I am not using any dynamic routing protocol or even static routes over this tunnel. Just trying to make communication between point-to-point hosts 10.0.0.5 any 10.0.0.6.

Best regards,

Alex

John Blakley · ‎10-28-2014

Can you ping each destination when sourcing from the tunnel source? For example, can you ping, from the 2621, 2.2.2.2 when sourcing from 1.1.1.1? If you have an acl on the interface, you'll want to allow gre through the acl:

permit gre any any

HTH,

John

HTH, John *** Please rate all useful posts ***

agumeniuc · ‎10-28-2014

Yes, I can ping, there is no problem with icmp.

I tried

permit gre any any

and

permit ip any any

I can not ping 10.0.0.5 from 10.0.0.6 until I ping vice versa and tunnel gets up.

Richard Burts · ‎10-28-2014

Alex

I believe that John was on the right track in asking to see some of what you have configured. But we need to see more than just the tunnel interface configuration (and I do not see any particular issue with the tunnel configuration). So perhaps the issue is about the physical interfaces? It might be helpful if you would post the complete router config. And if you do not want to post the complete config then at least post the interface configurations, the output of show ip route, and the output of show arp from both routers.

The symptom that you must start the ping from one side and then the other side will work suggests that there is some issue with how the routers are connected. How does 1.1.1.1 get to 2.2.2.2? What is the physical topology?

HTH

Rick

HTH

Rick

agumeniuc · ‎10-30-2014

Hello guys,

Sorry for the delay with my response.

I attached config files from both routers.

Topology..

2621 is installed in office rack. ISP ethernet cable is connected into the router.

2611 is installed at collocation and also connected to the same ISP . I think ISP`s ethernet calbe gets into the switch first and then from switch into 2611.

I don`t see any problems with the configuration. I think smth is blocking incoming non icmp/tcp/udp packets.

Best regards,

Alex

John Blakley · ‎10-28-2014

Can you post both physical interface configs (masking public info) and any acls that are used?

HTH, John *** Please rate all useful posts ***

GRE tunnel issue