Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

GRE Tunnel up/up Cannot ping tunnel interface

I setup a GRE tunnel between two cisco 2621 routers.  They are both

running IOS c2600-advsecurityk9-mz.123-6c.bin.  When I do a show ip int

brief they both show up/up.   I can ping the tunnel address that the router

resides on but not the distant end.  This is true for both routers.  I can also

ping both the source and destination of the tunnel from both routers.  So I

know that there shouldn't be any recurvise routing problems. My configs are listed below.

My Router:

interface Tunnel65

ip address 10.15.65.1 255.255.255.0

tunnel source FastEthernet0/0

tunnel destination 200.62.203.198

interface FastEthernet0/0

ip address 60.197.140.33 255.255.255.248

no ip mroute-cache

duplex auto

speed auto

ip route 200.62.203.198 255.255.255.255 60.197.140.34

Distant Router:

interface Tunnel65

ip address 10.15.65.65 255.255.255.0

tunnel source Dialer2

tunnel destination 60.197.140.33

interface Dialer2

ip address negotiated

no ip redirects

no ip unreachables

ip mtu 1492

ip nat outside

ip inspect to_internet out

encapsulation ppp

dialer pool 2

dialer-group 2

no cdp enable

ppp authentication chap pap callin

ppp pap sent-username XXXXXXXX

ip route 60.197.140.33 255.255.255.255 dialer2

Thank You!!

Everyone's tags (3)
3 REPLIES
New Member

Re: GRE Tunnel up/up Cannot ping tunnel interface

Hi,

The fastethernet port of the router at your end has a public ip address and is connected to Internet(possibly). While the tunnel ip addresses are private ip addresses. Hence when you ping the tunnel ip address at the other end the packet won't be routed by your ISP. I don't see any Natting configuration on the fastethernet port of your router. I think if you do Natting on fastethernet port to NAT the tunnel interface ip address this should resolve or either you may configure IPSEC tunnel with ESP option between the WAN interfaces at both ends.

Regards,

Talha

Purple

GRE Tunnel up/up Cannot ping tunnel interface

Hi,

A GRE Tunnel will always be up but you can configure a keepalive to verify if it is a routing problem.

Could you do this on the side where you initiate the ping:

debug ip icmp

debug ip pack 199

access-list 199 permit icmp any any

logging buff 7

logging buff 100000

no logging  con 7

then do your ping and issue following:  sh log  and post output here.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Alain,I came upon your POST

Alain,

I came upon your POST last night and was hoping to try out your suggestions.

I keyed in debug ip icmp.

As soon as I keyed in debug ip pack 199, my C1921 router was unavailable from SSH.  I'm assuming this debug pegged the CPU.  I had to visit client onsite this morning to reboot the router.

I'm still having similar issues, but just wanted you to know.

Michael West 

4736
Views
0
Helpful
3
Replies
CreatePlease to create content