Hi

I`m trying to make a simple GRE Tunnel between two CISCO SOHO91 routers. I make the tunnel but i cannot ping the eth0 (LAN) interface of the remote router. I think that it is a routing problem.How can I solve this?

I use as

tunnel source the eth1 interface of the local router and as

tunnel destination the WAN ip address of the remote router

I want to ping the LAN interface of the remote router..What should I do??

Help me please

I`m posting the configuration of my routers

Local Router

interface Tunnel0

description gre tunnel

ip address 20.20.20.1 255.255.255.0

tunnel source Ethernet1

tunnel destination 192.168.115.133

tunnel checksum

!

interface Ethernet0

ip address 10.10.10.11 255.255.255.0

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address 192.168.115.132 255.255.255.0

duplex auto

no cdp enable

!

ip classless

ip route 10.10.10.0 255.255.255.0 Tunnel0

ip route 10.10.10.0 255.255.255.0 10.10.10.12

ip http server

Remote router

interface Tunnel0

description gre tunnel

ip unnumbered Ethernet0

tunnel source Ethernet1

tunnel destination 192.168.115.132

tunnel checksum

!

interface Ethernet0

ip address 10.10.10.12 255.255.255.0

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address 192.168.115.133 255.255.255.0

duplex auto

no cdp enable

!

ip classless

ip http server

no ip http secure-server

Thank You in Advance

Gjergji

Gjergji

You have the same subnet on your Ethernet1 interfaces. They have to be in different subnets. For this to work try changing remote E1 to another subnet and change "tunnel destination" to that address

But i need to use the same subnet. I need to route packets through this tunnel from one site to another. I did it before with two Linux Machines running openVPN, but now I want to do this with the cisco routers. And i want to use GRE tunnel

What should I do please???

Thank You

There are several things in the configs that do not seem right. Perhaps when they are straightened out it will work.

Right now the biggest problem is that if you are on the local router and attempt to ping the Ethernet 0 of the remote router, the local router will believe that 10.10.10.12 is reachable through the connected subnet on Ethernet 0 and will not try anything else. You will need to correct this.

The local router tunnel is in subnet 20.20.20 while the remote router tunnel is in subnet 10.10.10 (unnumbered from Eth 0). Why are the two ends in different networks?

Both Ethernet 0 interfaces are in subnet 10.10.10 which would make sense if they are actually connected. Are they connected through these interfaces? If they are not connected then one of them needs to be configured in a different subnet (or perhaps a different network).

Both Ethernet 1 interfaces are in 192.168.115 and since this is what the tunnel destinations point at it looks like the routers are connected to each other by this interface. Is that correct?

The local router has two static routes configured:

ip route 10.10.10.0 255.255.255.0 Tunnel0

ip route 10.10.10.0 255.255.255.0 10.10.10.12

It does not make much sense to have two static routes for the same network pointing different ways. And since the 10.10.10.0 network is a connected network (connected on Ethernet 0) the static routes will not be used anyway. You should remove these routes or put in static routes that make sense.

The remote router has no static routes. Did you intend to have static routes there?

You can make this situation work with static routes or with dynamic routing protocol. You need to decide which way you want it to work and then configure that.

HTH

Rick

Hi Rick

I need to build a kind of VPN connection between two sites. I really need to use the same subnet on both sites. I tryed to use bridging accros GRE tunnel, but this kind of scenario is not supported by the Cisco SOHO91 routers! Is that right??

Can you tell me any sugestion???

I`d like to use GRE tunnel as well but i need the same subnet on both sites.

Thank You in Advance

Gjergji

There are several things in the configs that do not seem right. Perhaps when they are straightened out it will work.

Right now the biggest problem is that if you are on the local router and attempt to ping the Ethernet 0 of the remote router, the local router will believe that 10.10.10.12 is reachable through the connected subnet on Ethernet 0 and will not try anything else. You will need to correct this.

The local router tunnel is in subnet 20.20.20 while the remote router tunnel is in subnet 10.10.10 (unnumbered from Eth 0). Why are the two ends in different networks?

Both Ethernet 0 interfaces are in subnet 10.10.10 which would make sense if they are actually connected. Are they connected through these interfaces? If they are not connected then one of them needs to be configured in a different subnet (or perhaps a different network).

Both Ethernet 1 interfaces are in 192.168.115 and since this is what the tunnel destinations point at it looks like the routers are connected to each other by this interface. Is that correct?

The local router has two static routes configured:

ip route 10.10.10.0 255.255.255.0 Tunnel0

ip route 10.10.10.0 255.255.255.0 10.10.10.12

It does not make much sense to have two static routes for the same network pointing different ways. And since the 10.10.10.0 network is a connected network (connected on Ethernet 0) the static routes will not be used anyway. You should remove these routes or put in static routes that make sense.

The remote router has no static routes. Did you intend to have static routes there?

You can make this situation work with static routes or with dynamic routing protocol. You need to decide which way you want it to work and then configure that.

HTH

Rick

This is my problem

"(Right now the biggest problem is that if you are on the local router and attempt to ping the Ethernet 0 of the remote router, the local router will believe that 10.10.10.12 is reachable through the connected subnet on Ethernet 0 and will not try anything else. You will need to correct this)"

How to correct This??????

I solved the subnet of tunnel interfaces issue, but please can you tell me how to route packets from one side to the other side. So my real problem is, how to ping the remote router eth0 (LAN) interface from the local router.

Can you give me any example configuration?

I Used the following:

Local Router

tunnel0 ip 20.20.20.1 255.255.255.0

ethernet 0 ip 10.10.10.11 255.255.255.0

ethernet 1 ip 192.168.115.132 255.255.255.0

Remote Router

tunnel0 ip 20.20.20.2 255.255.255.0

ethernet 0 ip 10.10.10.12 255.255.255.0

ethernet 1 ip 192.168.115.133 255.255.255.0

I`d like to use static routes, but i having trouble making the configuration...Can You help me??

Yes the problem is that

Yes I want to use the same subnets on the three interfaces on both routers, as I used before on my VPN network usin two Linux machines Running openVPN software+Bridge.

Thank You Very Much

Gjergji

I gather from what you say that Ethernet 0 of local is not connected to Ethernet 0 of remote. Is this correct?

If the two interfaces are not connected why do you want to have the same subnet configured on both interfaces?

Having the same subnet on two interfaces that are not connected is the biggest of your problems. Correct that and see what happens.

HTH

Rick

Quote: Yes I want to use the same subnets on the three interfaces on both routers, as I used before on my VPN network usin two Linux machines Running openVPN software+Bridge.

You can't do that. In addition to what was stated before, the main difference is that you used openVPN + *Bridge*

The bridge is the difference. You can't split a subnet across a router and expect it to work. The only way to keep everything in the same broadcast domain is bridge the two segments. Since you are actually routing, you are breaking your 'pings'. Your local host tries to ping the IP at the remote site. It determines that the remote host is a 'local' IP address (based on it's own IP address and the subnet mask) so it only ARPs for the address...instead of forwarding the packet to the local gateway (your router). It never hears a response to that ARP, because the router keeps the ARP from going across to the remote site.

edit: I think in your instance, a bridged virtual interface setup will do what you want...but I have never set one up.

Yes I solve the problem...Thank you very much

Gjergji