GRE over IPsec routing OSPF not working

I have created a GRE over IPsec tunnel on 2 routers, but OSPF routing is not working.

I made a GRE over IPsec tunnel from router 1 Tunnel2354 to router 2 Tunnel2354.

This connection is good. I can ping the tunnel IP from the other router.

What I am trying to do is this: I need router 1 to access all the subnets which router 2 can access.

This is the router 1 config:


Building configuration...

Current configuration : 1868 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
ip ips po max-events 100
!
!
crypto isakmp policy 56
encr aes
authentication pre-share
crypto isakmp key rMVvTRvm2Hw7rUxCdIGQAOsiwfmXv1/i address # xxx.xxx.xxx.xxx #this is destination router ip
no crypto isakmp ccm
!
!
crypto ipsec transform-set device1 esp-aes esp-sha-hmac
!
crypto ipsec profile deviceProfile1
set transform-set device1
!
!
!
!
!
interface Tunnel2354
ip address 10.54.65.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination xxx.xxx.xxx.xxx #this is destination router ip
tunnel protection ipsec profile deviceProfile1
!
interface Loopback2
ip address 10.54.63.1 255.255.255.0
!
interface FastEthernet0/0
ip address xxx.xxx.xxx.xxx 255.255.255.252 #xxx.xxx.xxx.xxx #this is router ip
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.54.63.0 0.0.0.255 area 0
network 10.54.65.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 #xxx.xxx.xxx.xxx #this is router ip
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!

 

show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

 


C 213.221.44.136 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.54.63.0 is directly connected, Loopback2
C 10.54.65.0 is directly connected, Tunnel2354
C 192.168.1.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via xxx.xxx.xxx.xxx

 

------------------------------------------

This is the router 2 config:


Building configuration...

Current configuration : 5941 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common

multilink bundle-name authenticated
!
!
crypto isakmp policy 56
encr aes
authentication pre-share
crypto isakmp key rMVvTRvm2Hw7rUxCdIGQAOsiwfmXv1/i address xxx.xxx.xxx.xxx #this is destination router ip
!
!
crypto ipsec transform-set device1 esp-aes esp-sha-hmac
!
crypto ipsec profile deviceProfile1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Loopback2
ip address 10.54.64.1 255.255.255.0
!
interface Tunnel1111
ip address 10.226.1.140 255.255.255.192
no ip redirects
ip mtu 1400
ip hold-time eigrp 1 35
ip nhrp map 10.226.1.129 xxx.xxx.xxx.xxx
ip nhrp map multicast xxx.xxx.xxx.xxx
ip nhrp network-id 1
ip nhrp nhs 10.226.1.129
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 1
!
interface Tunnel2354
ip address 10.54.65.2 255.255.255.0
tunnel source Dialer1
tunnel destination xxx.xxx.xxx.xxx #this is destination router ip
tunnel protection ipsec profile deviceProfile1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 10.14.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
load-interval 30
dialer pool 1
no cdp enable
!
router eigrp 1
network 10.14.0.0 0.0.3.255
network 10.226.1.128 0.0.0.63
auto-summary
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 10.14.0.0 0.0.255.255 area 0
network 10.54.64.0 0.0.0.255 area 0
network 10.54.65.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list Inet interface Dialer1 overload
!
ip access-list extended DEFENCE
permit udp any host 89.109.36.88 eq isakmp non500-isakmp
permit esp any host 89.109.36.88
permit icmp any host 89.109.36.88
permit tcp any host 89.109.36.88 eq 4444
permit gre any host 89.109.36.88
deny ip any any
ip access-list extended Inet
permit ip 10.14.0.0 0.0.3.255 any
!
no cdp run

 

 

5 Replies

First, are you sure the tunnel is up?
Second, are there two tunnels sharing the same Dialer interface?

This is my tunnel on the two routers, and it is up.

This is my tunnel >> Tunnel2354

From router 1:

I can ping 10.54.65.2

and ping 10.54.65.1

And from router 2:

I can ping 10.54.65.2

and ping 10.54.65.1

But the other subnets do not ping, because OSPF routing is not running.

It is interesting that you are able to ping the tunnel interface addresses. Please post the output of these commands on both routers:

show ip interface brief
show ip ospf interface
HTH

Rick

"ip ospf network non-broadcast" under both tunnels.
Please enter this command and send the show ip route output.

Hello @samerkareemlo1993 ,

Add a tunnel key to each tunnel, with a different value, to help the router understand whether the packet is coming from tu1111 or from the point-to-point tunnel.

This might solve your issue with OSPF on the p2p tunnel.


Hope to help

Giuseppe
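
The condition Giuseppe describes can be checked mechanically against a saved configuration. The script below is an added example, not part of any reply in this thread: it parses the tunnel stanzas of the R2 config posted above and lists tunnels that share a `tunnel source` with another tunnel while having no tunnel key, or a key that is not unique. The function names `parse_tunnels` and `ambiguous_tunnels` are hypothetical.

```python
import re
from collections import defaultdict

# Tunnel stanzas from the R2 config posted above (address placeholder as posted).
R2_CONFIG = """\
interface Tunnel1111
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1
!
interface Tunnel2354
 tunnel source Dialer1
 tunnel destination xxx.xxx.xxx.xxx
 tunnel protection ipsec profile deviceProfile1
!
"""

def parse_tunnels(config):
    """Return {name: {"source": ..., "key": ...}} for every Tunnel interface."""
    tunnels, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (Tunnel\d+)$", line)
        if m:
            current = tunnels.setdefault(m.group(1), {"source": None, "key": None})
        elif line == "!" or line.startswith("interface "):
            current = None  # left the tunnel stanza
        elif current is not None:
            for field in ("source", "key"):
                if line.startswith(f"tunnel {field} "):
                    current[field] = line.split(None, 2)[2]
    return tunnels

def ambiguous_tunnels(tunnels):
    """List (tunnel, source, key) for tunnels sharing a source without a unique key."""
    by_source = defaultdict(list)
    for name, t in tunnels.items():
        by_source[t["source"]].append((name, t["key"]))
    findings = []
    for source, members in by_source.items():
        if source is None or len(members) < 2:
            continue  # no other tunnel terminates on this source
        keys = [k for _, k in members]
        findings += [(n, source, k) for n, k in members if k is None or keys.count(k) > 1]
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for name, source, key in ambiguous_tunnels(parse_tunnels(R2_CONFIG)):
        print(f"{name}: shares tunnel source {source}; tunnel key is {key}")
```

A key added to Tunnel2354 on R2 has to be configured with the same value on R1's Tunnel2354, since a GRE key must match at both ends of a tunnel.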