
GRE VRF Point-Point Link Basic Scenario

Hi All

This should be pretty basic. I have a scenario where I'm trying to build a VRF GRE tunnel. I'm sure you guys may have seen this problem before. I'm unable to ping across tunnel 2's WAN link. I took tunnel one out of the VRF to test it and it worked as normal. What do you think? I also tried taking tunnel 2 out of the vpn_2 VRF on the CE but still could not ping across the WAN link. Until pinging across the WAN link is possible, IPsec won't work, so I need some assistance.

CE-1#ping vrf vpn_2 204.134.84.26

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.134.84.26, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE-1#

Configurations below:

##

CE-1

##

hostname CE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf vpn_2
rd 65000:2
!
!
!
!
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key secretkey address 192.168.3.9
crypto isakmp key secretkey address 204.134.83.3
!
!
crypto ipsec transform-set TS esp-aes esp-md5-hmac
mode transport
!
crypto ipsec profile Secure_Tunnel
set transform-set TS
!
!
!
!
!
interface Loopback0
ip vrf forwarding vpn_2
ip address 192.168.1.1 255.255.255.255
!
interface Tunnel1
ip address 204.134.84.21 255.255.255.252
ip mtu 1532
tunnel source 192.168.3.10
tunnel destination 192.168.3.9
tunnel protection ipsec profile Secure_Tunnel
!
interface Tunnel2
ip vrf forwarding vpn_2
ip address 204.134.84.25 255.255.255.252
ip mtu 1532
tunnel source Loopback0
tunnel destination 204.134.83.3
tunnel vrf vpn_2
tunnel protection ipsec profile Secure_Tunnel
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
description *** Link to PE-1 ***
ip vrf forwarding vpn_2
ip address 192.168.3.14 255.255.255.252
no fair-queue
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
description *** Link to PE-1 VRF2 ***
ip address 192.168.3.10 255.255.255.252
no fair-queue
clock rate 2000000
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 192.168.1.1 mask 255.255.255.255
neighbor 192.168.3.9 remote-as 65000
no auto-summary
!
address-family ipv4 vrf vpn_2
  redistribute connected
  neighbor 192.168.3.13 remote-as 65000
  neighbor 192.168.3.13 activate
  neighbor 192.168.3.13 as-override
  neighbor 204.134.84.26 remote-as 65000
  neighbor 204.134.84.26 activate
  neighbor 204.134.84.26 as-override
  no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

###

##

PE-1

####

hostname PE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!
ip vrf vpn_1
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf vpn_2
rd 65000:2
route-target export 65000:2
route-target import 65000:2
!
mpls label protocol ldp
mpls ldp discovery hello interval 1
!
!
!
!
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key secretkey address 192.168.3.10
crypto isakmp key secretkey address 192.168.1.1
!
!
crypto ipsec transform-set TS esp-aes esp-md5-hmac
mode transport
!
crypto ipsec profile Secure_Tunnel
set transform-set TS
!
!
!
!
!
interface Loopback0
ip vrf forwarding vpn_2
ip address 204.134.83.3 255.255.255.255
!
interface Tunnel1
ip address 204.134.84.22 255.255.255.252
ip mtu 1500
tunnel source 192.168.3.9
tunnel destination 192.168.3.10
tunnel protection ipsec profile Secure_Tunnel
!
interface Tunnel2
ip vrf forwarding vpn_2
ip address 204.134.84.26 255.255.255.252
ip mtu 1532
tunnel source Loopback0
tunnel destination 192.168.1.1
tunnel vrf vpn_2
tunnel protection ipsec profile Secure_Tunnel
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description *** Link to CE-1 ***
ip vrf forwarding vpn_2
ip address 192.168.3.13 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
description *** Link to CE-1 ***
ip address 192.168.3.9 255.255.255.252
serial restart-delay 0
!
!
!
router ospf 101
log-adjacency-changes
network 204.134.83.0 0.0.0.255 area 0
network 204.134.84.0 0.0.0.255 area 0
!
router bgp 65000
bgp router-id 204.134.83.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 204.134.83.1 remote-as 65000
neighbor 204.134.83.1 description PE2
neighbor 204.134.83.1 update-source Loopback0
neighbor 204.134.83.8 remote-as 65000
neighbor 204.134.83.8 description PE3
neighbor 204.134.83.8 update-source Loopback0
!
address-family vpnv4
  neighbor 204.134.83.1 activate
  neighbor 204.134.83.1 send-community both
  neighbor 204.134.83.8 activate
  neighbor 204.134.83.8 send-community both
exit-address-family
!
address-family ipv4 vrf vpn_2
  redistribute connected
  neighbor 192.168.3.14 remote-as 65001
  neighbor 192.168.3.14 activate
  neighbor 192.168.3.14 as-override
  neighbor 204.134.84.25 remote-as 65001
  neighbor 204.134.84.25 activate
  neighbor 204.134.84.25 as-override
  no synchronization
exit-address-family
!
address-family ipv4 vrf vpn_1
  redistribute connected
  neighbor 192.168.3.10 remote-as 65001
  neighbor 192.168.3.10 activate
  neighbor 192.168.3.10 as-override
  no synchronization
exit-address-family

!

!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login

end

PE-1#

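An added example, not part of the original post: a consistency check over the tunnel and pre-shared-key lines of the CE-1 configuration above. It encodes the IOS behaviour that a global `crypto isakmp key` is only used for peers reached through the global routing table, so a protected tunnel whose transport sits in a VRF (`tunnel vrf`) needs its key in a `crypto keyring ... vrf` for that VRF. The helper names `parse` and `check` and the finding strings are hypothetical.

```python
import re

# Reduced excerpt of the CE-1 configuration posted above (keys, Loopback0, both tunnels).
CE1 = """\
crypto isakmp key secretkey address 192.168.3.9
crypto isakmp key secretkey address 204.134.83.3
interface Loopback0
 ip vrf forwarding vpn_2
interface Tunnel1
 tunnel source 192.168.3.10
 tunnel destination 192.168.3.9
 tunnel protection ipsec profile Secure_Tunnel
interface Tunnel2
 ip vrf forwarding vpn_2
 tunnel source Loopback0
 tunnel destination 204.134.83.3
 tunnel vrf vpn_2
 tunnel protection ipsec profile Secure_Tunnel
"""

IF_KEYS = {"ip vrf forwarding": "ivrf", "tunnel source": "src", "tunnel destination": "dst",
           "tunnel vrf": "fvrf", "tunnel protection": "protected"}

def parse(cfg):
    """Return per-interface settings and peer -> set of VRFs holding a key (None = global)."""
    ifs, psk, cur, ring_vrf = {}, {}, None, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifs.setdefault(m[1], {})
        elif m := re.match(r"crypto keyring \S+(?: vrf (\S+))?", line):
            cur, ring_vrf = None, m[1]          # keys that follow belong to this VRF
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            psk.setdefault(m[1], set()).add(None)
        elif m := re.match(r"pre-shared-key address (\S+)", line):
            psk.setdefault(m[1], set()).add(ring_vrf)
        elif cur is not None:
            for prefix, key in IF_KEYS.items():
                if line.startswith(prefix + " "):
                    cur[key] = line[len(prefix):].split()[0]
    return ifs, psk

def check(cfg):
    ifs, psk = parse(cfg)
    findings = []  # (tunnel, finding) pairs
    for name, t in ((n, t) for n, t in ifs.items() if "dst" in t):  # tunnels only
        fvrf, src = t.get("fvrf"), ifs.get(t.get("src"))  # src is None for a literal IP
        if src is not None and src.get("ivrf") != fvrf:
            findings.append((name, "source interface is not in the tunnel vrf"))
        if "protected" in t and fvrf not in psk.get(t["dst"], set()):
            findings.append((name, "no pre-shared key for peer in transport vrf"))
    return findings
```

Run against the excerpt, `check(CE1)` returns one finding, for Tunnel2; Tunnel1, whose transport is in the global table, passes.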