[c-nsp] gre tunnels

Kern, Tom tkern at CHARMER.COM
Fri Feb 25 14:03:30 EST 2005


ok, here's my issue-
i have 2 routers, both have public ip's. one router is outside my fw, the other is inside. fw is configured to pass gre thru(ip pro 47). 
both routers have connectivity(can ping both from either side).
i'm trying to pass eigrp thru my fw in a gre tunnel to provide internet redudancy( i have 2 sites which use their own isp's). this way, the routes are learned dynamically and thus if one isp's router goes down, the other site's isp will be used for internet access.

i create a tunnel using the source router and destaination router ip.
now, when i create an ip address for the tunnel itself, i can't ping it from the router i created it on. i didin't think its a routing prob, because pinging the tunnel ip should be the same as pinging the eth ip of the router itself from the router? the network id of the tunnel is listed in a "sh ip ro" as connected via the ip of the tunnel.


thanks















Josh Duffek wrote:
> Wait a sec.  Do you have ip connectivity between the two endpoints?
> From the tunnel source can you ping the tunnel dest?  Is that what you
> are saying or something else?
> 
> Can you post your (edited) tunnel interface config?
> 
> If you do have ip connectivity between the two debug tunnel would be
> of interest.  If not figure out the routing problem first.
> 
> Thanks,
> 
> josh duffek    network engineer
> consultantjd16 at ridemetro.org
> 
>> -----Original Message-----
>> From: Kern, Tom [mailto:tkern at CHARMER.COM]
>> Sent: Friday, February 25, 2005 12:40 PM
>> To: Josh Duffek; Cisco (E-mail)
>> Subject: RE: [c-nsp] gre tunnels
>> 
>> first, sorry for posting twice.
>> 
>> second, i can't even ping the source end of the tunnel at the source
>> router. 
>> 
>> thanks for the doc.
>> 
>> 
>> 
>> Josh Duffek wrote:
>>> This will probably help:
>>> http://www.cisco.com/warp/public/707/multiroute.html
>>> (just disregard the crypto stuff unless you want a VPN)
>>> 
>>> If you cannot ping the remote end of the tunnel then forget about
>>> eigrp for a bit.  Let's say one end of the connection is 1.1.1.1 and
>>> the other is 1.1.1.2.  I would do something like this:
>>> 
>>> Config t
>>> Service timestamp debug datetime msec
>>> !unless you already have better
>>> do sh access list !look for a number starting with 101 that isnt
>>> used !let's say 150 isnt in use: access-list 150 permit icmp host
>>> 1.1.1.1 host 1.1.1.2 
>>> access-list 150 permit icmp host 1.1.1.2 host 1.1.1.1
>>> end
>>> term mon
>>> debug ip pack 150 detail
>>> debug tun
>>> ping 1.1.1.whatever the other side is.
>>> 
>>> Thanks,
>>> 
>>> josh duffek    network engineer
>>> consultantjd16 at ridemetro.org
>>> 
>>>> -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>>>> bounces at puck.nether.net] On Behalf Of Kern, Tom
>>>> Sent: Friday, February 25, 2005 12:32 PM
>>>> To: Cisco (E-mail); Cisco List 2 (E-mail)
>>>> Subject: [c-nsp] gre tunnels
>>>> 
>>>> hi, i'm trying to forward eigrp traffic thru a gre tunnel between 2
>>>> routers. does anyone know of a good doc for that.
>>>> 
>>>> also, when i created tunnel, i can't ping the tunnel address from
>>>> either router. anyway to troubleshoot this?
>>>> thanks
>>>> 
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list