[c-nsp] Tunnel keepalive in NAT environment problem

Varaillon Jean Christophe j.varaillon at cosmoline.com
Tue Nov 18 07:10:20 EST 2008


Hi,

>The routers can ping reachable each other.

So the routing between the 172.16.1.1 and 1.1.1.1 is working.

> But problem is Router01's ip address is private(172.16.1.1) and Router02
will not reply packet correctly.

Is your firewall allowing GRE traffic to flow between both routers?
Did you configure your translation statement in your firewall so that GRE
traffic can be initiated from both sides?

Christophe


2008/11/18 Varaillon Jean Christophe <j.varaillon at cosmoline.com>:
> Hi
>
> For the tunnel to be operational, each router should be able to reach the
> destination IP of the tunnel from the source IP of the tunnel (extended
ping
> command will help you).
>
> When this is done, meaning, ping from IP source of the tunnel to IP
> destination of the tunnel works, then you can set-up your keepalive
> functionality.
>
> Christophe
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Darren Yang
> Sent: Tuesday, November 18, 2008 12:23 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Tunnel keepalive in NAT environment problem
>
> Hi All,
>
> Because Cisco GRE tunnel keepalive mechanism that must have public IP
> on both site.
> But I have one Router in NAT environment  that it's ip address is
> private IP address and another outside Router is public IP address, so
> when I configure "keepalive" on tunnel interface, the tuneel interface
> would show "line protocol down" message directly....
>
> If anyone have idea about this ?
>
> Thanks :)
>
> pigsign
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> __________ Information from ESET Smart Security, version of virus
signature
> database 3620 (20081118) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> __________ Information from ESET Smart Security, version of virus
signature
> database 3620 (20081118) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
 

__________ Information from ESET Smart Security, version of virus signature
database 3621 (20081118) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 
 

__________ Information from ESET Smart Security, version of virus signature
database 3621 (20081118) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 



More information about the cisco-nsp mailing list