ACE20 gre problem

Heine Maring · ‎06-28-2012

Hi,

I want to route gre traffic through an ACE20, but it doesn't seem to work. The only thing I configured was an ACL with gre enabled, but the ACE20 seems to drop the gre packtes. The gre traffic is entering via the vlan 561 interface and should be send out via the vlan 472 interface. Source 10.94.32.212, destination 10.94.132.39. The tunnel control traffic on port tcp/1723 is working fine. In the service-policies is nothing configured for the gre traffic.

Can anyone help me?

ACE configuration

access-list ALL line 10 extended permit ip any any

access-list ALL line 20 extended permit icmp any any

access-list ALL line 30 extended permit gre any any

access-list NAT-472 line 10 extended permit tcp 10.94.132.0 255.255.255.128 10.94.133.0 255.255.255.0

access-group input ALL

interface vlan 472

ip address 10.94.132.2 255.255.255.128

ip dhcp relay server 10.94.62.158

ip dhcp relay server 10.94.62.173

ip dhcp relay enable

alias 10.94.132.1 255.255.255.128

peer ip address 10.94.132.3 255.255.255.128

no normalization

nat-pool 461 10.94.132.4 10.94.132.4 netmask 255.255.255.255 pat

service-policy input ALLOW-ICMP

service-policy input LB-POLICY-VLAN561

service-policy input NAT-472

no shutdown

interface vlan 561

ip address 10.94.83.77 255.255.255.248

alias 10.94.83.76 255.255.255.248

peer ip address 10.94.83.78 255.255.255.248

no normalization

nat-pool 561 10.94.148.5 10.94.148.5 netmask 255.255.255.255 pat

service-policy input ALLOW-ICMP

service-policy input LB-POLICY-VLAN561

no shutdown

ip route 0.0.0.0 0.0.0.0 10.94.83.73

Heine Maring · ‎06-29-2012

The problem is solved with a reload of the 6509 switch with the ACE module. Probably an interface problem on the ACE due to changes.