Re: Problem encapsulating IPX with GRE

mlheureux · ‎05-13-2003

I have 2 routers that are separeted by a firewall PIX. I need to encapsulate IPX inside IP with GRE. I did create a tunnel interface on each router with a ipx network. Still ipx route are not exchange between the 2 routers.

I tried to use the loopback as the source then a specific vlan but nothing seem to work.

On my pix I have an ACL to permit gre.

My routers are MSFC blade on 6500 catalyst amy hints!!!

Christian Heroux

jasyoung · ‎05-15-2003

The first thing to do is divide the problem domain in half: is it the GRE endpoint settings and/or firewall config causing the problem, or is IPX incompletely or incorrectly configured. Test the GRE tunnel out by configuring an IP (not IPX) address on it, such as 192.168.250.1 netmask 255.255.255.252 (assuming that's unused on your network), and configure 192.168.250.2 netmask 255.255.255.252 on the other side.

If you cannot ping 192.168.250.2 from the router configured with 192.168.250.1, your GRE configuration or your firewall configuration is broken. Verify that your GRE endpoints are configured correctly and that the routers have routes to reach each other. Verify that your firewall is configured correctly. If your firewall is performing NAT translation one way or the other, you must set your GRE destination endpoints correctly to compensate. Verify again that your firewall is passing GRE traffic (check using 'debug ip packet' or a sniffer if you have to, but 'debug ip packet' will be hard on a busy router).

If you can ping back and forth, then you have an IPX configuration problem. Unfortunately the examples on CCO all seem to involve IPsec, but for the most part you can ignore the IPsec parts. I confess to not being an IPX guru of any sort, so I will direct you to this URL:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a0080093f70.shtml

jasyoung · ‎05-15-2003

The first thing to do is divide the problem domain in half: is it the GRE endpoint settings and/or firewall config causing the problem, or is IPX incompletely or incorrectly configured. Test the GRE tunnel out by configuring an IP (not IPX) address on it, such as 192.168.250.1 netmask 255.255.255.252 (assuming that's unused on your network), and configure 192.168.250.2 netmask 255.255.255.252 on the other side.

If you cannot ping 192.168.250.2 from the router configured with 192.168.250.1, your GRE configuration or your firewall configuration is broken. Verify that your GRE endpoints are configured correctly and that the routers have routes to reach each other. Verify that your firewall is configured correctly. If your firewall is performing NAT translation one way or the other, you must set your GRE destination endpoints correctly to compensate. Verify again that your firewall is passing GRE traffic (check using 'debug ip packet' or a sniffer if you have to, but 'debug ip packet' will be hard on a busy router).

If you can ping back and forth, then you have an IPX configuration problem. Unfortunately the examples on CCO all seem to involve IPsec, but for the most part you can ignore the IPsec parts. I confess to not being an IPX guru of any sort, so I will direct you to this URL:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a0080093f70.shtml

htaluja_2 · ‎05-22-2003

You will need a static (inside, outside) xxxx yyyy command for each router on each side.