I am trying to configure an encrypted GRE tunnel between two routers connected via DSL. The tunnel interfaces are up up on both routers. I am not able to reliably PING the tunnel interface on the main router while I am connected to that router. I can't figure out what is going on.
The router shows the tunnel's IP address is directly connected. Why can't I PING this address reliably?
There may be several things which could be the reason for this. First I think is the fact that depending on how you configure the tunnel (whether you specify GRE keepalive or not) the default is for the GRE tunnel to show as up/up as long as the router has a viable route to the tunnel destination. So a GRE tunnel up/up does not necessarily mean that it is passing traffic.
Second is that with point to point interfaces when you ping the local interface the router will actually send the ping packet out the interface and over the link so that the neighbor receives the ping request and forwards it back (and a similar process for the response). So pinging your own interface is more complicated than it is for something like Ethernet.
I am not clear when you say that "I am not able to reliably PING the tunnel interface" whether it means that sometimes it works and sometimes not, or does it mean that you cannot ping it at all? I believe that the approach to troubleshooting will depend on whether it is sometimes working or never working.
The following things need to be checked:
1) Configure keepalive the same on both sides
2) Check the routing
3) Perform traceroute/ping for fault resolution.
I think this will help you out. Please rate this post.
By default GRE tunnel keepalive is disabled, accordingly it seems that the tunnel is illusionary UP/UP (as long as the tunnel destination is reachable in the routing table) and that's why you can't ping, so kindly enable keepalives and we shall see the case.
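The point made in the replies above, that up/up without GRE keepalive only reflects a route to the tunnel destination, can be checked across a router's tunnels. The following is an added example, not part of the original thread: the sample text is constructed, modelled on IOS `show interfaces` output (its exact wording is an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on IOS "show interfaces" output. Addresses are
# documentation ranges; the exact line wording is an assumption.
SAMPLE = """\
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Keepalive not set
  Tunnel source 192.0.2.1, destination 198.51.100.1
Tunnel1 is up, line protocol is up
  Keepalive set (10 sec), retries 3
  Tunnel source 192.0.2.1, destination 203.0.113.1
Tunnel2 is up, line protocol is down
  Keepalive set (10 sec), retries 3
  Tunnel source 192.0.2.1, destination 203.0.113.9
"""

HEADER = re.compile(r"^(Tunnel\d+) is (.+?), line protocol is (\S+)")
KEEPALIVE = re.compile(r"Keepalive (not set|set)\b")
DEST = re.compile(r"destination (\S+)")

def parse_tunnels(text):
    """Return one dict per Tunnel interface block found in the text."""
    tunnels, cur = [], None
    for line in text.splitlines():
        if not line[:1].isspace():          # unindented line starts a new block
            m = HEADER.match(line)
            cur = ({"name": m.group(1), "admin": m.group(2), "proto": m.group(3),
                    "keepalive": False, "dest": None} if m else None)
            if cur:
                tunnels.append(cur)
            continue
        if cur is None:                     # detail line of a non-tunnel interface
            continue
        k, d = KEEPALIVE.search(line), DEST.search(line)
        if k:
            cur["keepalive"] = k.group(1) == "set"
        if d:
            cur["dest"] = d.group(1)
    return tunnels

def classify(t):
    """up/up proves end-to-end reachability only when keepalives are enabled."""
    if t["admin"] != "up" or t["proto"] != "up":
        return "down"
    return "up-verified" if t["keepalive"] else "up-unverified"

def report(text):
    return {t["name"]: classify(t) for t in parse_tunnels(text)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

A tunnel reported as `up-unverified` still needs a ping or traceroute to the tunnel destination before its state can be trusted.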
The static routes appear to be correct as such but it is hard to determine what the issue is without knowing how many hops are in between the two routers and how they are configured.
Hope this helps,
It seems that you have a routing problem between the 2 routers and accordingly the tunnel can't get up. You'll need to traceroute from both ends to find out where the routing is broken and fix this problem.
If you are not able to ping the default gateway, that would be the place to start troubleshooting. I would suggest checking for physical connectivity issues first. Assuming that physical connectivity looks OK, then I would probably see if CDP is enabled (from the configs you posted it should be) and if so, does the router see the gateway as a CDP neighbor. It would also be helpful to check the ARP table and verify whether the router has an ARP entry for the gateway address.
As Harold points out the partial configs that you posted are internally consistent and look ok. For example the static route:
ip route 22.214.171.124 255.255.255.255 126.96.36.199
correctly defines the destination address and defines a next hop that appears to be in the subnet of a physical interface. So it looks good to us. There is no way for us to know whether 188.8.131.52 has a route to 184.108.40.206. From the behavior I am guessing that it does not. Can you verify this?
Try troubleshooting basic IP connectivity between the tunnel endpoints using extended ping.
Hope this helps,
Agree with Hritter, why don't you do a tracert (extended would be much better) and paste the output so that we may know where exactly the packet is dropping and why.