[c-nsp] Tunnel shutting down when I "ip route"

[Roy]

You told the router that the tunnel destination is 192.168.3.1.   Then 
you tried to route 192.168.3.0/24 via the tunnel.  The tunnel shuts down 
since you are now routing the tunnel via the tunnel.  Thats why you get 
the "recursive error".

One way around this is to route 192.1.68.3.1/32 via 192.136.64.1.

ip route 192.168.3.1 255.255.255.255 192.136.64.1

then you can add the route for the 192.168.3.0/24




Tuc at T-B-O-H.NET wrote:
> Hi,
>
> 	I have a GRE/IPSEC tunnel between two 3640's. The
> config looks a little like :
>
> crypto isakmp policy 1
>  hash md5
>  authentication pre-share
>  group 2
> crypto isakmp key donttell address 67.47.145.1
> crypto isakmp key donttell address 192.168.3.1
> crypto isakmp keepalive 10
> crypto ipsec security-association lifetime seconds 28800
> crypto ipsec transform-set MB2 esp-3des esp-md5-hmac 
> crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp 
>  set peer 67.47.145.1
>  set transform-set MB2 
>  match address 100
>
> interface Loopback0
>  ip address 172.16.1.1 255.255.255.0
>
> interface Tunnel0
>  ip address 192.168.4.1 255.255.255.252
>  keepalive 15 5
>  tunnel source Ethernet0/0
>  tunnel destination 192.168.3.1
>
> interface Ethernet0/0
>  ip address 192.136.64.2 255.255.255.0
>  full-duplex
>  no mop enabled
>  crypto map FreeBSDIPSEC-MAP
>
> ip route 0.0.0.0 0.0.0.0 192.136.64.1
> ip route 172.16.3.0 255.255.255.0 Tunnel0
>
> access-list 100 permit gre host 192.136.64.1 host 192.168.3.1
>
>
>
> 	When I put a 
>
> "ip route 192.168.3.0 255.255.255.0 Tunnel0"
>
> 	I get :
>
> Jan 31 12:24:55 EST: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
>
>
> 	How do I tell this router that the 192.168.3.0 subnet is on the
> other end of the tunnel?
>
> 		Thanks, Tuc
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>