[nsp] policy-routing GRE tunnel packets

Streiner, Justin streiner at stargate.net
Tue Aug 19 11:14:27 EDT 2003

On Tue, 19 Aug 2003, Alexander Bochmann wrote:

> I had assumed that the Tunnel packets would be
> subject to local policy routing, but that doesn't
> seem to work - according to packet debugging, the
> traffic for both GRE tunnels are sent out following
> the default route.
> Is something like that just not possible with an
> IOS 12.3.1a box, or has anyone managed to make a
> similar setup work?

You may be able to use VRF instances to make this work.  It should also
work fine with 12.3(1a) since that's an outgrowth of 12.2T.  That train
contained some useful/necessary commands, though the place where that
functionality really tended to be necessary from my experience was on the
client side, e.g. the other end of your tunnel interfaces.

Make sure you use the "ip tcp adjust-mss" global command and the "tunnel
keepalive <X> <Y>" interface command.  The first one helps you deal with
the inevitable MTU/fragmentation issues of sending packets through a
tunnel and the second one allows you to force the tunnels down after a
specified length of time, either for monitoring purposes, or to force some
type of a backup connection to get turned on.

I made a pretty detailed post about this for another project I was working
on a few months ago.  You should be able to find it by searching in the
list archives.


More information about the cisco-nsp mailing list