Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
1
Replies

Some part of IP addresses are not seen through GRE tunnel

a_prutkoy
Level 1
Level 1

‎08-08-2012 05:59 AM - edited ‎03-04-2019 05:12 PM

Hello,

The GRE tunnel.

Cisco 2821 [GE0/0] --- Public Internet --- [FE0/0] Cisco 2801

Cisco 2821:

interface Tunnel0

description GRE tunnel to back office

ip address 172.16.0.2 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

tunnel source GigabitEthernet0/0

tunnel destination 94.xxx.xxx.254

!

interface GigabitEthernet0/0

description $Connect-to-upstream-C2901$

ip address 91.xxx.xxx.254 255.255.255.252

ip access-group 101 in

no ip unreachables

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 192.168.102.250 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

...

!

ip route 0.0.0.0 0.0.0.0 91.xxx.xxx.253

ip route 192.168.101.0 255.255.255.0 172.16.0.1

!

Cisco 2801:

!

interface Tunnel0

description GRE tunnel to main office

ip address 172.16.0.1 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

tunnel source FastEthernet0/0

tunnel destination 91.xxx.xxx.254

!

interface FastEthernet0/0

ip address 94.xxx.xxx.254 255.255.255.252

ip access-group 101 in

no ip unreachables

ip virtual-reassembly

duplex auto

speed auto

crypto map dynmap

!

interface FastEthernet0/1

ip address 192.168.101.250 255.255.255.0

duplex auto

speed auto

!

...

!

ip route 0.0.0.0 0.0.0.0 94.xxx.xxx.253

ip route 192.168.102.0 255.255.255.0 172.16.0.2

!

show arp from 2801:

2801-voip-gw#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  94.xxx.xxx.253         235   001c.f630.5435  ARPA   FastEthernet0/0

Internet  94.xxx.xxx.254           -   0014.1c62.0384  ARPA   FastEthernet0/0

Internet  192.168.101.10          3   1c17.d341.135f  ARPA   FastEthernet0/1

Internet  192.168.101.13         32   0021.5555.3b32  ARPA   FastEthernet0/1

Internet  192.168.101.15         17   dc7b.94f8.022a  ARPA   FastEthernet0/1

Internet  192.168.101.16          6   dc7b.94f8.e6af  ARPA   FastEthernet0/1

Internet  192.168.101.18          8   001f.9e24.a19c  ARPA   FastEthernet0/1

Internet  192.168.101.19         21   001e.7ac5.7a82  ARPA   FastEthernet0/1

Internet  192.168.101.20          0   001e.7ac5.7a24  ARPA   FastEthernet0/1

Internet  192.168.101.21          6   001e.7a26.1fc7  ARPA   FastEthernet0/1

Internet  192.168.101.25         36   0021.5554.7ca9  ARPA   FastEthernet0/1

Internet  192.168.101.26         23   001f.9eac.dbe7  ARPA   FastEthernet0/1

...

Internet  192.168.101.251         1   0015.605f.a46e  ARPA   FastEthernet0/1

Internet  192.168.101.252         0   0013.21b5.c158  ARPA   FastEthernet0/1

ping from 2821:

2821-voip-gw#ping 172.16.0.1                                

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

2821-voip-gw#ping 192.168.101.250

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.250, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

2821-voip-gw#ping 192.168.101.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

2821-voip-gw#ping 192.168.101.251

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.251, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

ping from 2801:

2801-voip-gw#ping 192.168.101.251

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.251, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

As you can see, I can ping some IP addresses on site 2801 but some can't. The same situation if I ping network on site 2821.

show arp from 2821:

2821-voip-gw#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  91.xxx.xxx.253        146   e8b7.48c3.a641  ARPA   GigabitEthernet0/0

Internet  91.xxx.xxx.254          -   dc7b.94d8.b960  ARPA   GigabitEthernet0/0

Internet  192.168.102.10         24   c40a.cbe1.e6e3  ARPA   GigabitEthernet0/1

Internet  192.168.102.11          0   001b.38ad.9250  ARPA   GigabitEthernet0/1

Internet  192.168.102.12          0   70ca.9b5c.5ec1  ARPA   GigabitEthernet0/1

Internet  192.168.102.13          0   ccef.48a2.7a7a  ARPA   GigabitEthernet0/1

Internet  192.168.102.250         -   dc7b.94d8.b961  ARPA   GigabitEthernet0/1

ping from 2801:

2801-voip-gw-akvalis#ping 192.168.102.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

2801-voip-gw-akvalis#ping 192.168.102.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.11, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

ping from 2821:

2821-voip-gw-akvalis#ping 192.168.102.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Can somebody help to understand why some IPs are seen and some not through GRE tunnel?

Labels:
0 Helpful
1 Reply 1

a_prutkoy
Level 1
Level 1

‎08-08-2012 06:46 AM

I have found the issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card