I am having real problems since adding a VRF to my existing setup. Currently we connect remote sites to head office via GRE tunnels with IPSec over the internet and then run OSPF. While limited in scalability, this has proved to be a very reliable setup. The current setup uses a border router with one interface on the internet and another interface on the corporate LAN. I wanted to remove the Internet interface from the global routing table with the creation of a VRF. Since doing this our GRE tunnels do not appear to be working.
To simplify troubleshooting I have removed the crypto map from the public interface.
3745 IOS c3745-adventerprisek9-mz.124-15.T11.bin
!
ip vrf INTERNET
 rd 64521:100
!
!
interface Tunnel1
 description *** HBX to Site 3 ***
 bandwidth 220
 ip address 126.96.36.199 255.255.255.252
 no ip proxy-arp
 ip pim query-interval 10
 ip pim sparse-dense-mode
 ip tcp adjust-mss 1400
 ip ospf message-digest-key 10 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 3
 qos pre-classify
 keepalive 10 3
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.100
 tunnel path-mtu-discovery
 tunnel vrf INTERNET
!
!
interface FastEthernet0/0
 description *** UPSTREAM PROVIDER - ***
 ip vrf forwarding INTERNET
 ip address 192.0.2.200 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 speed 100
 full-duplex
 no cdp enable
 max-reserved-bandwidth 90
!
837 IOS c837-k9o3sy6-mz.124-25b.bin
!
interface Tunnel1
 description *** To acc01-gw.hex ***
 bandwidth 220
 ip address 188.8.131.52 255.255.255.252
 no ip proxy-arp
 ip pim query-interval 10
 ip pim sparse-dense-mode
 ip tcp adjust-mss 1400
 ip ospf message-digest-key 10 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 3
 ip ospf mtu-ignore
 qos pre-classify
 keepalive 10 3
 tunnel source Dialer1
 tunnel destination 192.168.0.200
 tunnel path-mtu-discovery
!
!
interface Dialer1
 description *** plusdsl.net 1MB ADSL ***
 bandwidth 440
 bandwidth receive 2000
 ip address 192.0.2.100
 ip access-group INBOUND-ACL in
 ip access-group OUTBOUND-ACL out
 ip verify unicast reverse-path
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname <removed>
 ppp chap password <removed>
 max-reserved-bandwidth 90
 service-policy output QoS-BRANCH-Router
!
The head end can see the tunnel interface as UP UP and I am able to ping the local tunnel IP address. I am not able to ping the remote tunnel IP address. A debug of tunnel keepalives shows that the router is sending and receiving keepalives OK.
The remote end can see the tunnel interface as UP DOWN. I am not able to ping the local tunnel IP address but I can ping the remote tunnel IP address (very strange!). A debug of tunnel keepalives shows the router sending keepalives but not receiving them. I can only assume the interface is UP DOWN because the keepalives are bringing the interface down and this is why I cannot ping the local tunnel interface. If I remove the tunnel keepalives the interface comes UP UP and an OSPF relationship forms.
Is anyone able to explain to me what I have done wrong or how I fix tunnel keepalives for VRF?
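An added example, not part of the original post: a small Python check that reads IOS-style configuration and flags tunnel interfaces that run GRE keepalives while the tunnel interface itself sits in a different VRF from its transport (`tunnel vrf`), the combination present in the head-end configuration above. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the head-end lines from the post that matter for this check.
SAMPLE = """\
ip vrf INTERNET
 rd 64521:100
!
interface Tunnel1
 ip address 126.96.36.199 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.100
 tunnel vrf INTERNET
!
interface FastEthernet0/0
 ip vrf forwarding INTERNET
 ip address 192.0.2.200 255.255.255.252
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def keepalive_vrf_mismatches(config):
    """List tunnels that use keepalives while the tunnel interface's own VRF
    (ip vrf forwarding, else global) differs from its transport VRF (tunnel vrf)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith("tunnel"):
            continue
        def arg(prefix):
            return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)
        inner, transport = arg("ip vrf forwarding "), arg("tunnel vrf ")
        has_keepalive = any(c.startswith("keepalive") for c in cmds)
        if has_keepalive and inner != transport:
            findings.append((name, inner or "global", transport or "global"))
    return findings
```

Calling `keepalive_vrf_mismatches()` on a saved running-config returns one tuple per flagged tunnel: interface name, the tunnel interface's VRF, and the transport VRF.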