12-01-2022 05:37 AM
Hello!
I have a question about gre tunnel. So i have this network, whats picture i uploaded here. So the gre tunnel is between 'R2' and 'KV'.
With the help of ACL-s, i want to deny all the packets coming in from private networks on 'HATAR'. But when i do that, i can't ping from the top left to the bottom right. How can direct traffic on gre tunnel?
I configured the tunnels:
R2:
int tunnel 5
ip address 192.168.140.1 255.255.255.252
tunnel source g0/0/1
tunnel destination 83.14.10.49
tunnel mode gre ip
KV
ip address 192.168.140.2 255.255.255.252
tunnel source g0/0/0
tunnel destination 83.14.10.33
tunnel mode gre ip
i also have configured ospf protocol for the full network, and i got the tunnels' network in the process
12-01-2022 05:47 AM
for ACL I dont get what you want
for direct traffic toward GRE tunnel
only use
ip route x.x.x.x y.y.y.y tunnel Z <<- tunnel Z direct traffic to tunnel
12-01-2022 06:02 AM
So ACL: I want to deny all private network addresses to come in on 'HATAR' and i want to direct them to the gre tunnel
but if i make an extended acl and deny all private network addresses on 'HATAR', the traffic don't go through the tunnel
here is my packet tracer file: https://www.mediafire.com/file/8keiv6cc68is068/topology.pkt/file
12-02-2022 11:05 AM
but the tunnel pass through HATAR?
anyway as I mention, you need static route toward tunnel, what you concern here is destination not source.
only config static route for destination (traffic must pass through tunnel ) and that it.
traffic will pass through tunnel.
12-04-2022 06:35 AM
The tunnel is between R2 and KV
i'll try it, thank you
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: