[c-nsp] Tunnel shutting down when I "ip route"
Hay Kan Sugeng
haykan at qalacom.com
Thu Feb 1 22:44:32 EST 2007
you need routing with specific netmask to your GRE destination.
ip route 192.168.3.1 255.255.255.255 192.136.64.1
or
ip route 192.168.3.1 255.255.255.255 Ethernet0/0
Tuc at T-B-O-H.NET wrote:
> Hi,
>
> I have a GRE/IPSEC tunnel between two 3640's. The
> config looks a little like :
>
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> group 2
> crypto isakmp key donttell address 67.47.145.1
> crypto isakmp key donttell address 192.168.3.1
> crypto isakmp keepalive 10
> crypto ipsec security-association lifetime seconds 28800
> crypto ipsec transform-set MB2 esp-3des esp-md5-hmac
> crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
> set peer 67.47.145.1
> set transform-set MB2
> match address 100
>
> interface Loopback0
> ip address 172.16.1.1 255.255.255.0
>
> interface Tunnel0
> ip address 192.168.4.1 255.255.255.252
> keepalive 15 5
> tunnel source Ethernet0/0
> tunnel destination 192.168.3.1
>
> interface Ethernet0/0
> ip address 192.136.64.2 255.255.255.0
> full-duplex
> no mop enabled
> crypto map FreeBSDIPSEC-MAP
>
> ip route 0.0.0.0 0.0.0.0 192.136.64.1
> ip route 172.16.3.0 255.255.255.0 Tunnel0
>
> access-list 100 permit gre host 192.136.64.1 host 192.168.3.1
>
>
>
> When I put a
>
> "ip route 192.168.3.0 255.255.255.0 Tunnel0"
>
> I get :
>
> Jan 31 12:24:55 EST: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
>
>
> How do I tell this router that the 192.168.3.0 subnet is on the
> other end of the tunnel?
>
> Thanks, Tuc
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list