[c-nsp] Tunnel shutting down when I "ip route"
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Thu Feb 1 21:23:21 EST 2007
Hi,
I have a GRE/IPSEC tunnel between two 3640's. The
config looks a little like :
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key donttell address 67.47.145.1
crypto isakmp key donttell address 192.168.3.1
crypto isakmp keepalive 10
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set MB2 esp-3des esp-md5-hmac
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
set peer 67.47.145.1
set transform-set MB2
match address 100
interface Loopback0
ip address 172.16.1.1 255.255.255.0
interface Tunnel0
ip address 192.168.4.1 255.255.255.252
keepalive 15 5
tunnel source Ethernet0/0
tunnel destination 192.168.3.1
interface Ethernet0/0
ip address 192.136.64.2 255.255.255.0
full-duplex
no mop enabled
crypto map FreeBSDIPSEC-MAP
ip route 0.0.0.0 0.0.0.0 192.136.64.1
ip route 172.16.3.0 255.255.255.0 Tunnel0
access-list 100 permit gre host 192.136.64.1 host 192.168.3.1
When I put a
"ip route 192.168.3.0 255.255.255.0 Tunnel0"
I get :
Jan 31 12:24:55 EST: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
How do I tell this router that the 192.168.3.0 subnet is on the
other end of the tunnel?
Thanks, Tuc
More information about the cisco-nsp
mailing list