Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing issue over GRE

I have a GRE tunnel over an ipsec VPN which for the most part works fine, however I have 1 subnet that can not be reached.

The destination address of the GRE tunnel is 172.16.250.25.

Also on the 172.16.250.0 subnet I have other devices that I need to connect to.

I have a static route ip route 172.16.250.0 255.255.255.0 Ethernet0/0.

The Ethernet0/0 interface has a connection to a managed router, and is using a public address.

I can get to several other subnets in my network, but can not get to this 1 subnet.

1 REPLY
Hall of Fame Super Silver

Re: Routing issue over GRE

John

I suspect that the issue is that most of your traffic to the remote site goes through the GRE tunnel and is protected by IPSec. Traffic to that subnet goes according to the static route and goes directly out the outbound interface and is not protected by IPSec. I would guess that the remote site may have an access list that is allowing the inbound IPSec but not allowing the traffic to the subnet where the GRE destination is located.

One possible workaround may be to move the GRE to a subnet by itself (perhaps a loopback on that router). Or perhaps if the issue is an access list on the remote router perhaps the access list can be modified to allow this traffic (though I suspect that there may be considerations about the traffic not being protected by IPSec that make this less attractive).

HTH

Rick

145
Views
0
Helpful
1
Replies
CreatePlease to create content