[c-nsp] GRE tunnel (inside ICMP fails after two pings) - Wits End
James Bensley
jwbensley at gmail.com
Fri Aug 24 03:50:12 EDT 2018
Have you run a packet capture on your Linux box to see if the Linux box is sending more than two echo requests / that it is receiving more than two echo requests from the router?
Have you run an embedded packet capture on the ASR1k to see what it sends / receives?
What do you see in your interface counters on the GRE tunnel on each box and physical interface on each box? Any drops or errors, do packets come into physical interface but not tunnel interface?
Have you tried applying an ACL on the ASR1K to match and log these packets?
You need to provide some basic debugging info other than "its configured but doesn't work".
Cheers,
James.
On 24 August 2018 00:09:03 BST, David Deutsch <ddeutsch at tsicorp.net> wrote:
>Hoping the list can help with this one.
>
>I have a basic GRE tunnel between my Cisco ASR1006 and a Linux box.
>
>On the Cisco side:
>
>interface Tunnel100
> description Tun 100 - BPT
> ip address 172.16.100.1 255.255.255.0
> tunnel source x.x.136.1
> tunnel destination x.x.x.234
>
>I have several of these basic GRE tunnels from this router, however
>this is
>the only one giving me problems.
>
>The tunnel source is my loopback, I can ping the local 172.168.100.1,
>however when I try to ping the other inside:
>
>#ping 172.16.100.2
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 172.16.100.2, timeout is 2 seconds:
>!!...
>Success rate is 40 percent (2/5), round-trip min/avg/max = 97/105/113
>ms
>
>It always dies after two pings, every time. Additionally, pinging from
>the
>other side has the exact same results:
>
>ping 172.16.100.1
>PING 172.16.100.1 (172.16.100.1): 56 data bytes
>64 bytes from 172.16.100.1: seq=0 ttl=255 time=83.430 ms
>64 bytes from 172.16.100.1: seq=1 ttl=255 time=88.326 ms
>... then nothing.
>
>I've gone as far as to completely rebuild the Linux side with no luck
>and
>I'm starting to feel that I've missed something basic on the Cisco
>side,
>except I've used these tunnels for years.
>
>Any advice/ideas?
>
>Thanks,
>David
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list