[j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)

masood at nexlinx.net.pk masood at nexlinx.net.pk
Sat Jul 11 09:05:46 EDT 2009 

You know each packet entering the tunnel is encapsulated wtih gre key
value. each packet exiting the tunnel is verified by the gre tunnel key
value and de-encapsulated. the AS pic drops packets tht don't match the
configured key value.

Since GRE doesn't provide encryption. This is like a simple clear-text
password with no encryption. You can enable debug on Cisco box and see if
you can catch the key; do the same thing on Juniper box (traceoption is
your friend there)

Regards,
Masood

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of simon teh
Sent: Saturday, July 11, 2009 10:55 AM
To: juniper-nsp
Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)

Hi all,

I have a question over here and have tried to find out the answer from
the forum thread, but failed to get the answer.
Did anyone experience this type of problem before:

Juniper(M20) ----------------GRE tunnel-----------------------Cisco(7206)

Juniper Configuration
> show configuration interfaces gr-0/1/0
unit 0 {
    tunnel {
        source 219.93.2.1;
        destination 219.93.2.2;
        key 123456;
    }
    family inet {
        mtu 1514;
        address 192.168.1.1/30;
    }
}

Cisco Configuration
interface Tunnel0
 ip address 192.168.1.2 255.255.255.252
 no ip unreachables
 no ip proxy-arp
 ip mtu 1514
 tunnel source 219.93.2.2
 tunnel destination 219.93.2.1
 tunnel key 123456

The problem I had was if I configured both router WITHOUT the tunnel
key, everything looks FINE. However once I include the tunnel key,
then both tunnel UNABLE to ping (interface still up, up). Does anyone
has any idea about the tunnel key between Juniper and Cisco. I am
confident that other configuration is good, it is the problem with the
key.
Any suggestion?

Thank you very much.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list