[c-nsp] Tunnel shutting down when I "ip route"

David Prall dcp at dcptech.com
Thu Feb 1 22:25:14 EST 2007


You have the tunnel destination of 192.168.3.1, which is using the default
route you have defined. When you put the 192.168.3.0/24 route down the
tunnel, your tunnel destination now tries to ride the route you pointed down
the tunnel. Recursive Route. Create a static /32 for 192.168.3.1 via the
defaults destination.

--
http://dcp.dcptech.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tuc
> at T-B-O-H.NET
> Sent: Thursday, February 01, 2007 9:23 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Tunnel shutting down when I "ip route"
>
> Hi,
>
> 	I have a GRE/IPSEC tunnel between two 3640's. The
> config looks a little like :
>
> crypto isakmp policy 1
>  hash md5
>  authentication pre-share
>  group 2
> crypto isakmp key donttell address 67.47.145.1 crypto isakmp
> key donttell address 192.168.3.1 crypto isakmp keepalive 10
> crypto ipsec security-association lifetime seconds 28800
> crypto ipsec transform-set MB2 esp-3des esp-md5-hmac crypto
> map FreeBSDIPSEC-MAP 1 ipsec-isakmp  set peer 67.47.145.1
> set transform-set MB2  match address 100
>
> interface Loopback0
>  ip address 172.16.1.1 255.255.255.0
>
> interface Tunnel0
>  ip address 192.168.4.1 255.255.255.252
>  keepalive 15 5
>  tunnel source Ethernet0/0
>  tunnel destination 192.168.3.1
>
> interface Ethernet0/0
>  ip address 192.136.64.2 255.255.255.0
>  full-duplex
>  no mop enabled
>  crypto map FreeBSDIPSEC-MAP
>
> ip route 0.0.0.0 0.0.0.0 192.136.64.1
> ip route 172.16.3.0 255.255.255.0 Tunnel0
>
> access-list 100 permit gre host 192.136.64.1 host 192.168.3.1
>
>
>
> 	When I put a
>
> "ip route 192.168.3.0 255.255.255.0 Tunnel0"
>
> 	I get :
>
> Jan 31 12:24:55 EST: %TUN-5-RECURDOWN: Tunnel0 temporarily
> disabled due to recursive routing
>
>
> 	How do I tell this router that the 192.168.3.0 subnet
> is on the other end of the tunnel?
>
> 		Thanks, Tuc
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list