[j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)

raymondh (NSP) raymondh.nsp at gmail.com
Sat Jul 11 17:22:32 EDT 2009 

Hi Simon,

Based on your config, I assumed you do have an AS / MS PIC (only the  
AS or MS PIC supports key). Without those PIC(s) you'll most probably  
receive "/kernel: gre doesn't support key option" hence you'll need to  
remove the key option.

what's your junos version and verify the output of show log messages  
(most probably you'll get most of your answers from there before  
enabling any flags in  traceoptions).

Out of curiosity, do you have any CoS on the GRE interface on your  
M20. (If no, then you're fine but if yes, do take a look at PR55687 -  
For your info.)


--raymondh


on your ios based equipment
On Jul 11, 2009, at 9:05 PM, masood at nexlinx.net.pk wrote:

> You know each packet entering the tunnel is encapsulated wtih gre key
> value. each packet exiting the tunnel is verified by the gre tunnel  
> key
> value and de-encapsulated. the AS pic drops packets tht don't match  
> the
> configured key value.
>
> Since GRE doesn't provide encryption. This is like a simple clear-text
> password with no encryption. You can enable debug on Cisco box and  
> see if
> you can catch the key; do the same thing on Juniper box (traceoption  
> is
> your friend there)
>
> Regards,
> Masood
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of simon teh
> Sent: Saturday, July 11, 2009 10:55 AM
> To: juniper-nsp
> Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)
>
> Hi all,
>
> I have a question over here and have tried to find out the answer from
> the forum thread, but failed to get the answer.
> Did anyone experience this type of problem before:
>
> Juniper(M20) ----------------GRE tunnel----------------------- 
> Cisco(7206)
>
> Juniper Configuration
>> show configuration interfaces gr-0/1/0
> unit 0 {
>    tunnel {
>        source 219.93.2.1;
>        destination 219.93.2.2;
>        key 123456;
>    }
>    family inet {
>        mtu 1514;
>        address 192.168.1.1/30;
>    }
> }
>
> Cisco Configuration
> interface Tunnel0
> ip address 192.168.1.2 255.255.255.252
> no ip unreachables
> no ip proxy-arp
> ip mtu 1514
> tunnel source 219.93.2.2
> tunnel destination 219.93.2.1
> tunnel key 123456
>
> The problem I had was if I configured both router WITHOUT the tunnel
> key, everything looks FINE. However once I include the tunnel key,
> then both tunnel UNABLE to ping (interface still up, up). Does anyone
> has any idea about the tunnel key between Juniper and Cisco. I am
> confident that other configuration is good, it is the problem with the
> key.
> Any suggestion?
>
> Thank you very much.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list