[c-nsp] gre tunnels

Fri Feb 25 14:18:54 EST 2005

Methinks the tunnel has to be up for you to be able to ping your own
side.  Can I see the "debug tun"/"sh int tunX"?

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: Kern, Tom [mailto:tkern at CHARMER.COM]
> Sent: Friday, February 25, 2005 1:04 PM
> To: Josh Duffek; Cisco (E-mail)
> Cc: Cisco List 2 (E-mail)
> Subject: RE: [c-nsp] gre tunnels
> 
> ok, here's my issue-
> i have 2 routers, both have public ip's. one router is outside my fw,
the
> other is inside. fw is configured to pass gre thru(ip pro 47).
> both routers have connectivity(can ping both from either side).
> i'm trying to pass eigrp thru my fw in a gre tunnel to provide
internet
> redudancy( i have 2 sites which use their own isp's). this way, the
routes
> are learned dynamically and thus if one isp's router goes down, the
other
> site's isp will be used for internet access.
> 
> i create a tunnel using the source router and destaination router ip.
> now, when i create an ip address for the tunnel itself, i can't ping
it
> from the router i created it on. i didin't think its a routing prob,
> because pinging the tunnel ip should be the same as pinging the eth ip
of
> the router itself from the router? the network id of the tunnel is
listed
> in a "sh ip ro" as connected via the ip of the tunnel.
> 
> 
> thanks
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Josh Duffek wrote:
> > Wait a sec.  Do you have ip connectivity between the two endpoints?
> > From the tunnel source can you ping the tunnel dest?  Is that what
you
> > are saying or something else?
> >
> > Can you post your (edited) tunnel interface config?
> >
> > If you do have ip connectivity between the two debug tunnel would be
> > of interest.  If not figure out the routing problem first.
> >
> > Thanks,
> >
> > josh duffek    network engineer
> > consultantjd16 at ridemetro.org
> >
> >> -----Original Message-----
> >> From: Kern, Tom [mailto:tkern at CHARMER.COM]
> >> Sent: Friday, February 25, 2005 12:40 PM
> >> To: Josh Duffek; Cisco (E-mail)
> >> Subject: RE: [c-nsp] gre tunnels
> >>
> >> first, sorry for posting twice.
> >>
> >> second, i can't even ping the source end of the tunnel at the
source
> >> router.
> >>
> >> thanks for the doc.
> >>
> >>
> >>
> >> Josh Duffek wrote:
> >>> This will probably help:
> >>> http://www.cisco.com/warp/public/707/multiroute.html
> >>> (just disregard the crypto stuff unless you want a VPN)
> >>>
> >>> If you cannot ping the remote end of the tunnel then forget about
> >>> eigrp for a bit.  Let's say one end of the connection is 1.1.1.1
and
> >>> the other is 1.1.1.2.  I would do something like this:
> >>>
> >>> Config t
> >>> Service timestamp debug datetime msec
> >>> !unless you already have better
> >>> do sh access list !look for a number starting with 101 that isnt
> >>> used !let's say 150 isnt in use: access-list 150 permit icmp host
> >>> 1.1.1.1 host 1.1.1.2
> >>> access-list 150 permit icmp host 1.1.1.2 host 1.1.1.1
> >>> end
> >>> term mon
> >>> debug ip pack 150 detail
> >>> debug tun
> >>> ping 1.1.1.whatever the other side is.
> >>>
> >>> Thanks,
> >>>
> >>> josh duffek    network engineer
> >>> consultantjd16 at ridemetro.org
> >>>
> >>>> -----Original Message-----
> >>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> >>>> bounces at puck.nether.net] On Behalf Of Kern, Tom
> >>>> Sent: Friday, February 25, 2005 12:32 PM
> >>>> To: Cisco (E-mail); Cisco List 2 (E-mail)
> >>>> Subject: [c-nsp] gre tunnels
> >>>>
> >>>> hi, i'm trying to forward eigrp traffic thru a gre tunnel between
2
> >>>> routers. does anyone know of a good doc for that.
> >>>>
> >>>> also, when i created tunnel, i can't ping the tunnel address from
> >>>> either router. anyway to troubleshoot this?
> >>>> thanks
> >>>>
> >>>> _______________________________________________
> >>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/