[j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)

Steven Brenchley bresteven at gmail.com
Mon Jul 13 10:07:27 EDT 2009


PR55687 was fixed a long time ago, unless you're running ancient code you
should be fine. It was fixed in 7.3 and later codes.

On Sat, Jul 11, 2009 at 5:22 PM, raymondh (NSP) <raymondh.nsp at gmail.com> wrote:

> Hi Simon,
>
> Based on your config, I assumed you do have an AS / MS PIC (only the AS or
> MS PIC supports key). Without those PIC(s) you'll most probably receive
> "/kernel: gre doesn't support key option" hence you'll need to remove the
> key option.
>
> What's your Junos version? Also, verify the output of show log messages (most
> probably you'll get most of your answers from there before enabling any
> flags in traceoptions).
>
> Out of curiosity, do you have any CoS on the GRE interface on your M20. (If
> no, then you're fine but if yes, do take a look at PR55687 - For your info.)
>
>
> --raymondh
>
>
> on your ios based equipment
>
> On Jul 11, 2009, at 9:05 PM, masood at nexlinx.net.pk wrote:
>
>> You know each packet entering the tunnel is encapsulated with the GRE key
>> value. Each packet exiting the tunnel is verified by the GRE tunnel key
>> value and de-encapsulated. The AS PIC drops packets that don't match the
>> configured key value.
>>
>> Since GRE doesn't provide encryption, this is like a simple clear-text
>> password with no encryption. You can enable debug on the Cisco box and see if
>> you can catch the key; do the same thing on the Juniper box (traceoption is
>> your friend there).
>>
>> Regards,
>> Masood
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of simon teh
>> Sent: Saturday, July 11, 2009 10:55 AM
>> To: juniper-nsp
>> Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)
>>
>> Hi all,
>>
>> I have a question over here and have tried to find out the answer from
>> the forum thread, but failed to get the answer.
>> Did anyone experience this type of problem before:
>>
>> Juniper(M20) ----------------GRE tunnel-----------------------Cisco(7206)
>>
>> Juniper Configuration
>>
>> > show configuration interfaces gr-0/1/0
>> unit 0 {
>>   tunnel {
>>       source 219.93.2.1;
>>       destination 219.93.2.2;
>>       key 123456;
>>   }
>>   family inet {
>>       mtu 1514;
>>       address 192.168.1.1/30;
>>   }
>> }
>>
>> Cisco Configuration
>> interface Tunnel0
>> ip address 192.168.1.2 255.255.255.252
>> no ip unreachables
>> no ip proxy-arp
>> ip mtu 1514
>> tunnel source 219.93.2.2
>> tunnel destination 219.93.2.1
>> tunnel key 123456
>>
>> The problem I had was if I configured both routers WITHOUT the tunnel
>> key, everything looks FINE. However, once I include the tunnel key,
>> then both tunnels are UNABLE to ping (interface still up, up). Does anyone
>> have any idea about the tunnel key between Juniper and Cisco? I am
>> confident that the other configuration is good; it is the problem with the
>> key.
>> Any suggestions?
>>
>> Thank you very much.
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
Steven Brenchley
-------------------------------------
There are 10 types of people in the world those who understand binary and
those who don't.
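
The key handling described in Masood's quoted message, as an added example that is not part of the original thread: a GRE header parser (field layout per RFC 2784 / RFC 2890) showing that the key travels unencrypted in the header and how a receive-side match behaves. The function names and sample bytes are constructed; 123456 is the key from the posted configs, and an IPv4 payload type (0x0800) is assumed.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784 / RFC 2890)
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000

def parse_gre(header: bytes) -> dict:
    """Parse a version-0 GRE header (the bytes following the outer IP header)."""
    if len(header) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", header, 0)
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    if flags & GRE_R:
        raise ValueError("RFC 1701 routing field is not handled here")
    # Optional fields appear in this order: checksum+reserved, key, sequence.
    need = 4 + sum(4 for bit in (GRE_C, GRE_K, GRE_S) if flags & bit)
    if len(header) < need:
        raise ValueError("truncated GRE header")
    off, key, seq = 4, None, None
    if flags & GRE_C:
        off += 4
    if flags & GRE_K:
        (key,) = struct.unpack_from("!I", header, off)
        off += 4
    if flags & GRE_S:
        (seq,) = struct.unpack_from("!I", header, off)
        off += 4
    return {"proto": proto, "key": key, "seq": seq, "payload_offset": off}

def build_gre(proto: int, key=None) -> bytes:
    """Build a minimal GRE header, with the K bit and key field if key is given."""
    hdr = struct.pack("!HH", GRE_K if key is not None else 0, proto)
    return hdr + (struct.pack("!I", key) if key is not None else b"")

def receiver_accepts(header: bytes, configured_key) -> bool:
    """Model of the receive-side check: accept only if the key field matches."""
    return parse_gre(header)["key"] == configured_key

if __name__ == "__main__":
    # Constructed sample: key 123456 from the posted configs, IPv4 payload assumed.
    keyed, unkeyed = build_gre(0x0800, 123456), build_gre(0x0800)
    print(keyed.hex(), parse_gre(keyed))
    print("keyed -> keyed peer:  ", receiver_accepts(keyed, 123456))
    print("unkeyed -> keyed peer:", receiver_accepts(unkeyed, 123456))
```

Running `parse_gre` over the GRE header bytes from a capture on each side shows whether the K bit and key value are actually present on the wire.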
