Routing issue over GRE

jporter_hm
Level 1

I have a GRE tunnel over an IPsec VPN which for the most part works fine; however, I have 1 subnet that cannot be reached.

The destination address of the GRE tunnel is 172.16.250.25.

Also on the 172.16.250.0 subnet I have other devices that I need to connect to.

I have a static route: ip route 172.16.250.0 255.255.255.0 Ethernet0/0

The Ethernet0/0 interface has a connection to a managed router, and is using a public address.

I can get to several other subnets in my network, but cannot get to this 1 subnet.

1 Reply

Richard Burts
Hall of Fame

John

I suspect that the issue is that most of your traffic to the remote site goes through the GRE tunnel and is protected by IPSec. Traffic to that subnet goes according to the static route and goes directly out the outbound interface and is not protected by IPSec. I would guess that the remote site may have an access list that is allowing the inbound IPSec but not allowing the traffic to the subnet where the GRE destination is located.

One possible workaround may be to move the GRE to a subnet by itself (perhaps a loopback on that router). Or perhaps if the issue is an access list on the remote router perhaps the access list can be modified to allow this traffic (though I suspect that there may be considerations about the traffic not being protected by IPSec that make this less attractive).

HTH

Rick
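
The behaviour suspected in the reply above, as an added example that is not part of either post and is not the poster's configuration: a small Python model of longest-prefix route lookup combined with a crypto ACL check. Only the /24 static route and the GRE destination 172.16.250.25 come from the thread; the Tunnel0 route, the default route, the sample hosts, and a crypto ACL that protects only GRE to the tunnel peer are assumptions.

```python
import ipaddress

# Constructed model of the router. Only the /24 static route and the GRE
# destination come from the thread; the other routes are assumed.
ROUTES = [
    ("172.16.250.0/24", "Ethernet0/0"),  # static route from the post
    ("10.20.0.0/16", "Tunnel0"),         # assumed remote LAN reached over GRE
    ("0.0.0.0/0", "Ethernet0/0"),        # assumed default route
]
GRE_PEER = "172.16.250.25"               # GRE tunnel destination from the post


def egress(dst):
    """Longest-prefix match: interface of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), iface)
               for prefix, iface in ROUTES
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def crypto_acl_matches(proto, dst):
    """Assumed crypto ACL: protect only GRE (IP protocol 47) to the peer."""
    return proto == "gre" and dst == GRE_PEER


def classify(proto, dst):
    """Describe how a packet to dst leaves the router and whether it is encrypted."""
    iface = egress(dst)
    if iface == "Tunnel0":
        # The packet is wrapped in GRE toward the peer, then routed again.
        outer_iface = egress(GRE_PEER)
        protected = crypto_acl_matches("gre", GRE_PEER)
        path = f"GRE via {outer_iface}"
    else:
        # The packet is sent natively; it is encrypted only if the ACL matches.
        protected = crypto_acl_matches(proto, dst)
        path = f"direct via {iface}"
    return f"{path}, {'IPsec-protected' if protected else 'cleartext'}"


if __name__ == "__main__":
    # Constructed sample flows: a remote LAN host, another device on the
    # 172.16.250.0 subnet, and the GRE packets themselves.
    for proto, dst in [("tcp", "10.20.5.10"), ("icmp", "172.16.250.40"),
                       ("gre", "172.16.250.25")]:
        print(f"{proto:5} -> {dst:15} {classify(proto, dst)}")
```

Under these assumptions, the other devices on 172.16.250.0/24 are the only destinations that leave in cleartext, which is the traffic a remote access list permitting only IPsec would drop.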
