GRE TUNNEL QUESTION

mohacsitibor · ‎12-01-2022

Hello!
I have a question about gre tunnel. So i have this network, whats picture i uploaded here. So the gre tunnel is between 'R2' and 'KV'.
With the help of ACL-s, i want to deny all the packets coming in from private networks on 'HATAR'. But when i do that, i can't ping from the top left to the bottom right. How can direct traffic on gre tunnel?
I configured the tunnels:
R2:

int tunnel 5
ip address 192.168.140.1 255.255.255.252
tunnel source g0/0/1
tunnel destination 83.14.10.49
tunnel mode gre ip

KV

ip address 192.168.140.2 255.255.255.252
tunnel source g0/0/0
tunnel destination 83.14.10.33
tunnel mode gre ip

i also have configured ospf protocol for the full network, and i got the tunnels' network in the process

MHM Cisco World · ‎12-01-2022

for ACL I dont get what you want
for direct traffic toward GRE tunnel
only use
ip route x.x.x.x y.y.y.y tunnel Z <<- tunnel Z direct traffic to tunnel

mohacsitibor · ‎12-01-2022

So ACL: I want to deny all private network addresses to come in on 'HATAR' and i want to direct them to the gre tunnel
but if i make an extended acl and deny all private network addresses on 'HATAR', the traffic don't go through the tunnel
here is my packet tracer file: https://www.mediafire.com/file/8keiv6cc68is068/topology.pkt/file

MHM Cisco World · ‎12-02-2022

but the tunnel pass through HATAR?

anyway as I mention, you need static route toward tunnel, what you concern here is destination not source.
only config static route for destination (traffic must pass through tunnel ) and that it.
traffic will pass through tunnel.

mohacsitibor · ‎12-04-2022

The tunnel is between R2 and KV
i'll try it, thank you