cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7893
Views
5
Helpful
9
Replies

GRE Tunnel Not coming up

Manoj Wadhwa
Level 1
Level 1

Hi Friends,

I have a strange issue with simple GRE Tunnel. There is a Tunnel configured between Downstream and Headquarters. However, the tunnel is showing down even though all the configurations are in place. config details is as attached. We have confirmed that the tunnel desinations, tunnel source and the static route are all in place. One Strange thing we find is that while doing the debug for keepalives, the routers only seem to be sending keepalives, but does not seem to receive it. We have removed and applied back the tunnel config, reloaded the router. Any suggestions on this is highly appreciated. Thanks in advance

9 Replies 9

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Manoj,

there is no bidirectional IP connectivity between the two ip addresses in use or some device in the middle like a firewall is filtering one side of communication.

try to perform an extended pin using the same ip addresses that are used as GRE endpoints

if this doesn't work the tunnel cannot come up.

By using the keepalive on GRE tunnel the tunnel state is conditioned on the correct sending and receiving of GRE keepalives.

Be aware that this a feature that was added later to IOS so it is also possible that one of the two devices is not able to send GRE keepalives correctly.

Perform the basic checks I suggested above.

Hope to help

Giuseppe

I noticed as well, but not sure if it would affect the tunnel from establishing...

The SNM on tunnels are not the same on both routers

Manoj

I agree with Giuseppe that the most likely cause of the problem is that the GRE packets are not making it through to the other peer. I notice that each router has some number greater than zero in the packets sent but has zero in the packets received.

I also notice a mismatch in the configurations. On the downstream router you have the subnet mask as /24:

ip address 192.168.3.1 255.255.255.0

but on the headquarters router the mask is /30:

ip address 192.168.3.2 255.255.255.252

I am not sure that this would cause the problem that you are expecting, but it is something that should be cleaned up.

HTH

Rick

HTH

Rick

Hi Friends,

1. The Subnet Mask is not an issue. I noticed it earlier as well and changed to /24 both the ends. It still does not work.

2. The end to end ping test is a challenge because some ISP's dont allow ping/ tracert . I have a few other downstream sites in which the setup is working fine. But end to end ping still fails even though there is no access list configured at our end.

Are there any other debugs that can help us drive down still further. Thanks!

Best Regards,

Manoj

Hello Manoj,

if you cannot test with ping and traceroute you cannot understand if there is a connectivity problem.

I would do the following:

disable GRE keepalive on both ends

assign a private ip address loopback on each side

example

loop 14

ip address 10.0.0.14 255.255.255.255

from other router add a static route

ip route 10.0.0.14 255.255.255.255 tunnel X

do the same on the opposite node:

add a loopback here

from first node add a static route

Now you can ping from loopback to loopback traffic is encapsulated in GRE.

if you still cannot receive the ICMP packets with source and destination the loopbacks you can say that there is no connectivity.

Otherwise if there is one of the two routers donìt support GRE keepalive correctly

Hope to help

Giuseppe

Hi all..

i'm finding about the same problem in a simplier enviroment (configs attached):

i have two routers (Tunnel-1 and Tunnel-2) connected through a third one (Center) and i'm trying to build a GRE tunnel from a loopback interface on Tunnel-1 to a loopback interface on Tunnel-2 (I already tried using physical interfaces).

static routes on the 3 routers make tunnel sources and destinations reachable each other.

Without configuring keepalives tunnel comes up but it's not working (tunnel interfaces don't ping each other and i cant ping for example interface Tunnel-1 GigabitEthernet0/1.1 from Tunnel-2)..

After Configuring Keepalives the tunnel goes down. i have the same Manoj's output debugging tunnel on both ends..

The routers are two Cisco 1841 and a 3825 with the latest Advanced Enterprise IOS..

any suggestions? thanks all

Marco

Marco

I have looked through your configs. One of the things that I notice is that there is a mismatch in the tunnel configuration about source and destination address. On tunnel-1 the tunnel destination is 192.168.253.253 but on tunnel-2 the source address is 192.168.200.200 where to be consistent with tunnel-1 I would expect 192.168.253.253.

I suggest that you revise the configs and make the source-destination match between the routers so that what one router configures as the destination is the source on the other router. Give this a try and let us know if it works better.

HTH

Rick

HTH

Rick

Hi Rick

now it's all working!! thanks a lot!

Marco

silyrixxx
Level 1
Level 1

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: