Solved: Can't get working Cisco STUN (Serial tunneling) in LAN

WiressFriendly · ‎10-04-2017

Hi all!

I am trying to run very simple thing, Cisco STUN (serial tunnelling). I run on 2 Cisco 2811 with IOS 15.x AES edition. They are plugged in the same LAN (192.168.1.0/24) via unmanaged switch and uses FE0/0 for LAN connectivity. FE0/1 ports are not used. HWIC-1T modules installed to enable serial communications. Cisco DCE and DTE cables are plugged in and interfaces shows up / up statuses, both blinks green when COM port is opened at PC side (DCE cable). When I working on it, I followed to this Cisco guide: STUN Basic with Multiple Tunnels and can't get it working.

Symptoms: no serial comms, no packet count, no debug packets. Looks like there is no connectivity between STUN peers. Of course, the rest services work fine, routers can ping each other in 192.168.1.x network.

All looks very simple in Cisco's sample, but they are omitted Ethernet settings, including FE0/0. I am not networking guru and can't imagine that must be there. Particularly, I am not sure about FE0/0 settings in case of IP address and mask. Also I am not sure about another network set for loopback adapters or not (192.168.168.0/24 for loopback instead of 192.168.1.0/24 for FE0/0 port) . Also, I don't have any NAT enabled as well as static routes. I only can suppose, that 192.168.162.143 peer can't reach 192.168.162.144 peer via LAN.

Please check my network diagram HERE (png file, just 35KB).

Also, please pay attention that I no need 2 tunnels right now, so I simplified Cisco's samples for 1 STUN only (but not 2 as Cisco did). Please check my configuration and output:

R1 STUN section

stun peer-name 192.168.1.143 
stun protocol-group 9 basic 

interface serial 0 
encapsulation stun 
stun group 9 
stun route all tcp 192.168.1.144

interface loopback 0 
ip address 192.168.1.144 255.255.255.0

R2 STUN section

stun peer-name 192.168.1.144
stun protocol-group 9 basic 

interface serial 0 
encapsulation stun 
stun group 9 
stun route all tcp 192.168.1.143

interface loopback 0 
ip address 192.168.1.144 255.255.255.0

R1 show stun

2811_1#show stun
This peer: 192.168.168.143

 Serial0/3/0  (group 9 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed              0         0         0

R2 show stun

This peer: 192.168.168.144

 Serial0/3/0  (group 9 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed              0         0         0

R1 interface s0/3/0

2811_1#
2811_1#show interface serial 0/3/0
Serial0/3/0 is up, line protocol is up
  Hardware is GT96K Serial
  MTU 2104 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation STUN, loopback not set
  Keepalive not set
  Last input never, output 02:53:18, output hang never
  Last clearing of "show interface" counters 02:50:42
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

R2 interface s0/3/0

2811_2#
2811_2#show interface serial 0/3/0
Serial0/3/0 is up, line protocol is up
  Hardware is GT96K Serial
  MTU 2104 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation STUN, loopback not set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 02:52:28
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=down  CTS=up

R1 running conf

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811_1
!
boot-start-marker
boot system usbflash1:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name somedom.com
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
redundancy
!
ip tftp source-interface FastEthernet0/0
!
stun peer-name 192.168.168.143
stun protocol-group 9 basic
!
interface Loopback0
 ip address 192.168.168.143 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.143 255.255.255.0
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/3/0
 mtu 2104
 no ip address
 encapsulation stun
 stun group 9
 stun route all tcp 192.168.1.144
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
snmp-server community someSTRINGhere RW
!
control-plane
!
mgcp profile default
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 password somePASS
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

R2 running conf

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811_2
!
boot-start-marker
boot system usbflash1:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name somedom.com
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
redundancy
!
ip tftp source-interface FastEthernet0/0
!
stun peer-name 192.168.168.144
stun protocol-group 9 basic
!
interface Loopback0
 ip address 192.168.168.144 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.144 255.255.255.0
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/3/0
 mtu 2104
 no ip address
 encapsulation stun
 stun group 9
 stun route all tcp 192.168.1.143
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
snmp-server community someSTRINGhere RW
!
control-plane
!
mgcp profile default
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 password somePASS
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

My network diagram is attached, please check. It's not very professional I think, but I hope that it will give you all information needed.

Any help will be appreciated.

jihicks · ‎10-18-2017

Hi,

The STUN route statement under the serial interface needs to point at the STUN peer IP address of the other STUN router, Here is the configuration:

router 1:

stun peer-name 192.168.168.143
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.144
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.144
no shut
!
interface loopback 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
no shut

====================================================
Router 2:

stun peer-name 192.168.168.144
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.143
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.143
no shut
!
interface loopback 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.144
no shut

Best Regards,

Jim

View solution in original post

WiressFriendly · ‎10-05-2017

After the advice of one guy I got ping running beween loopback interfaces in the 192.168.168.0/24 network. Here is what I added:

R1
conf term
int lo 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
end

R2
conf term
int lo 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.143
end

But STUN still doesn't work. No packet count, all closed status and all zeros on show stun output.

But in debug I can see local S0/3/0 status changes when I open COM by any app:

*Oct  5 14:14:21.215: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Oct  5 14:14:22.215: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to down
2811_2(config-if)#
*Oct  5 14:14:34.151: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct  5 14:14:35.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

It confirms that serial interface is OK and need some proper settings to be connected to other peer. IMHO, something wrong with STUN network peering/connectivity.

Here is how I debug it:

show stun
debug stun packet
debug stun event
terminal monitor

Please advise how to fix STUN and get it working via network.

Could my problem be in partially discarded Cisco config in case of 2-nd tunnel (group 13/second local serial interface)?

Richard Burts · ‎10-06-2017

Since we do not know what you omitted from the original example it is difficult to know whether this is a factor in your config not working.

I have a suggestion and a question. I am not sure that it is significant but I would suggest that you change your statement for stun route to use the address of the remote peer, like this

stun route all tcp 192.168.168.144

I also have a question about what you are using to send the traffic for stun, and in particular to ask if you are sure that these devices are generating the appropriate clocking for the serial interface.

HTH

Rick

HTH

Rick

WiressFriendly · ‎10-06-2017

Hi Rick!

Thanks for your response and desire to help. Really appreciate it!

I tried 2 different configs, including full Cisco's example with my addressing:

2811_1	2811_2
conf term	conf term
stun peer-name 192.168.168.143	stun peer-name 192.168.168.144
stun protocol-group 9 basic	stun protocol-group 9 basic
stun protocol-group 13 basic	stun protocol-group 13 basic
!	!
interface serial 0/3/0	interface serial 0/3/0
no ip address	no ip address
encapsulation stun	encapsulation stun
stun group 9	stun group 9
stun route all tcp 192.168.1.144	stun route all tcp 192.168.1.143
no shut	no shut
!	!
interface serial 0/2/0	interface serial 0/2/0
encapsulation stun	encapsulation stun
stun group 13	stun group 13
stun route all tcp 192.168.1.144	stun route all tcp 192.168.1.143
no shut	no shut
!	!
interface loopback 0	interface loopback 0
ip address 192.168.168.143 255.255.255.0	ip address 192.168.168.144 255.255.255.0
no shut	no shut

Because loopback interfaces were not able to reach each other, I added these lines:

int lo 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
end

int lo 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.143
end

After that loopback interfaces become responsible for ping over network. But serial link still isn't working.

After that I tried another config which come from this board marked as solved in that's thread: https://supportforums.cisco.com/t5/wan-routing-and-switching/serial-tunneling/m-p/1876895/thread-id/184901

Here is a version with my addressing:

hostname 2811_1	hostname 2811_2
interface loopback 0	interface loopback 0
desc * LOOPBACK 0 FOR STUN PEERING *	desc * LOOPBACK 0 FOR STUN PEERING *
ip address 192.168.168.143 255.255.255.255	ip address 192.168.168.144 255.255.255.255
no ip redirect	no ip redirect
no ip directed-broadcast	no ip directed-broadcast
exit	exit
stun peer-name 192.168.168.143	stun peer-name 192.168.168.144
stun protocol-group 100 basic	stun protocol-group 100 basic
!	!
interface Serial0/3/0	interface Serial0/3/0
desc * LINK TO ROUTER 2811_2 *	desc * LINK TO ROUTER 2811_1 *
ip address 192.168.168.149 255.255.255.252	ip address 192.168.168.150 255.255.255.252
no ip directed-broadcast	no ip directed-broadcast
no shut	no shut
interface Serial0/2/0	interface Serial0/2/0
desc * STUN LINK - THIS IS THE DCE END *	desc * STUN LINK - THIS IS THE DCE END *
no ip address	no ip address
no ip directed-broadcast	no ip directed-broadcast
encapsulation stun	encapsulation stun
~~no ip mroute-cache~~	~~no ip mroute-cache~~
clockrate 9600	clockrate 9600
stun group 100	stun group 100
stun route all interface serial 0/3/0 direct	stun route all interface serial 0/3/0 direct
no shut	no shut
interface fast 0/0	interface fast 0/0
desc * LAN ON ROUTER 2811_1 *	desc * LAN ON ROUTER 2811_2 *
ip address 192.168.1.143 255.255.255.0	ip address 192.168.1.144 255.255.255.0
!	!
ip route 192.168.168.144 255.255.255.255 192.168.168.150 name LOOPBACK-2811_2	ip route 192.168.168.143 255.255.255.255 192.168.168.149 name LOOPBACK-2811_1
ip route 192.168.1.144 255.255.255.255 192.168.168.150 name LAN-2811_2	ip route 192.168.1.143 255.255.255.255 192.168.168.149 name LAN-2811_1

But still no luck :(

About your question. I am using regular PC with hardware COM port. It's 100% working and tested. I run WinSSD program there and use special serial test plug at remote end:

Also I use Cisco DCE cable on PC side and DTE cable on other side (where I connect test plug).

With no routers inserted in the "serial line path" (just PC, serial cables, adapters and plug), all test passes with no issues. Via routers WinSSD shows no connectivity and no sync:

Sending Test Pattern ( 55 - AA hex )
Error - Timeout!  Check connector.

PC port settings are standard:

BPS: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

With the last config I used serial0/3/0 interfaces at the both routers. Cisco 72-1430-01 (CAB-SS-232FC) DCE cable was used to connect PC. Cisco 72-1431-01 (CAB-SS-232MT) DTE cable was used to connect other side (test plug in my case).

When I connect test plug, I see that local serial interface become active (up status and green LED). When press Port - Open in WinSSD, I see how local serial interface become active too (up status and green LED). So, both serial interfaces up and running before I run any tests.

Any other tests (not WinSSD) also fails and it's predictable, because packet counters in STUN links always shows all zeros in RX/TX lines.

Do you have other ideas after that? I really need them because I am not very good with Cisco.

Richard Burts · ‎10-07-2017

The point of my suggestion was to change the stun route command to use the address used by the other router as its stun peer address. It is not clear whether you tried that or not. But thinking about your comment that the stun packet counters consistently show zero, I suspect that changing the stun route command might not have much effect.

The other config that you tried is interesting, especially the use of interface direct instead of tcp. I am sorry that it did not work.

I continue to wonder if the issue might relate to clocking on the stun link and whether the router is recognizing the clocking signals. But if the serial interfaces are coming to an up/up state then it would seem likely that they do see clocking on the interface.

HTH

Rick

HTH

Rick

WiressFriendly · ‎10-07-2017

Hi Rick!

Thanks for your reply.

I am not sure about your advice. Because as I see, all peer routing targeted to address of remote router. Or, if I am wrong, can you copy/paste one of two config examples, change what is needed and show me changed data with some highlighting?

And what do you think about local serial port test? How to check that serial port works fine, can accept data, etc.? It would be better to fing some packet counter. To ensure that both ports able to communicate properly and wired properly?

And one important thing. Clocking has nothing on port status. Up/up statuses are easy to get just by changing DTR state to level (e.g. by suppling +7..12VAC to pin #4 on DB9 or pin#20 on DB-25 ). I did this trick and get in console these messages:

*Oct  7 18:52:29.708: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Oct  7 18:52:30.708: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to down

Do you have ideas how to diag serial port locally or link 2 serial ports on router locally (with no STUN involved)?

Thanks!

WiressFriendly · ‎10-07-2017

Here is block diagram of my setup. Is it correct? Especially, cables used, port modes (DCE vs DTW), serial ports used? I run config #2 provided by other member by link.

WiressFriendly · ‎10-07-2017

This is what I see on R2 when I debug serial ports. Looks like nothing bad with S0/3/0, and only S0/2/0 is in trouble (as must be, because I haven't connected any cables to it).

*Oct 7 22:06:32.404: DCE idb->dte_interface = DCE
*Oct 7 22:06:32.404: Dscc4(Serial0/3/0): DTR is up.

2811_2#
*Oct 7 22:06:34.404: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct 7 22:06:35.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up
2811_2#
*Oct 7 22:06:56.792: Serial0/2/0: attempting to restart
*Oct 7 22:06:56.792: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:07:26.800: Serial0/2/0: attempting to restart
*Oct 7 22:07:26.800: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:07:56.800: Serial0/2/0: attempting to restart
*Oct 7 22:07:56.800: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:08:26.808: Serial0/2/0: attempting to restart
*Oct 7 22:08:26.808: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE

PC is keeping S0/3/0 port up and sending test data on 9600 or 115200 speeds. R2's S0/3/0 port configured for clock speed 9600 or 115200 respectively. PC serial test programs configured for the same speed.

Looks like is must work with STUN/IP connectivity/routing.

Richard Burts · ‎10-08-2017

Thank you for the output that shows that the line comes up and the line protocol comes up.

*Oct 7 22:06:34.404: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct 7 22:06:35.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

I believe that it is especially significant that the line protocol comes up. Does it stay up? Or does the line protocol go back down while you are attempting to test?

HTH

Rick

HTH

Rick

WiressFriendly · ‎10-09-2017

Rick,

Serial ports always up stay up until infinitely until I de-key DTR or close serial port at PC.

Now I am digging in other direction. I found out, that different serial port test software gives me FRAME errors (and other kind of errors, like garbage in RX window) at the PC end. PC port speed and Cisco's DTE port correspondence to clock rate doesn't matter. Looks like 2811_2's DCE port doesn't provide clocking for some reason. Could it be due to missed clocking off modem (DCE port of 2811_1)? Because I do not send any clocking to that's port, because there is only test plug connected.

Another important thing. Looks like STUN is for synchronous serial links only due to SDLC frames usage (where S is Synchronous). I think that I need to supply sync or set Cisco to do that internally.

Here is my updated block diagram with notes. I drawn some clouds with comments and thoughts. And now I need to clarify those, especially big blue one.

What do you think about?

WiressFriendly · ‎10-15-2017

So guys, I have some progress. I got link working in pseudowire mode, but not in STUN. In the both cases I did a mistake in bench test configuration. STUN and pseudowire provides synchronous link and they doesn't supports asynchronous comms (what is commonly used by PC port). In this case, one device must provide clocking and another device must listen to it and take to account. So, to test setup of such kind, you must have 2 devices that supports synchronous coms and one of them can provide clocking. Test software (like WinSSD) and loopback plug will NOT work.

Here is working config fit pseudowire mode:

2811_1	2811_2
pseudowire-class link1	pseudowire-class link1
encapsulation l2tpv3	encapsulation l2tpv3
ip local interface FastEthernet0/0	ip local interface FastEthernet0/0
exit	exit
interface Serial0/3/0	interface Serial0/3/0
no ip address	no ip address!no fair-queuexconnect 192.168.1.143 100 pw-class link1
clock rate 9600	!
no fair-queue	!
xconnect 192.168.1.144 100 pw-class link1	!

It's tested and works fine.

Current problem - I still can't get working the same link in STUN mode. Here is config based on Cisco and it doesn't work:

2811_1	2811_2
conf term	conf term
stun peer-name 192.168.168.143	stun peer-name 192.168.168.144
stun protocol-group 101 basic	stun protocol-group 101 basic
stun protocol-group 102 basic	stun protocol-group 102 basic

interface serial 0/3/0	interface serial 0/3/0
no ip address	no ip address
encapsulation stun	encapsulation stun
stun group 101	stun group 101
stun route all tcp 192.168.1.144	stun route all tcp 192.168.1.143
no shut	no shut

interface serial 0/2/0	interface serial 0/2/0
encapsulation stun	encapsulation stun
stun group 102	stun group 102
stun route all tcp 192.168.1.144	stun route all tcp 192.168.1.143
no shut	no shut

interface loopback 0	interface loopback 0
ip address 192.168.168.143 255.255.255.0	ip address 192.168.168.144 255.255.255.0
no shut	no shut

int lo 0	int lo 0
ip address 192.168.168.143 255.255.255.255	ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144	ip route 192.168.168.143 255.255.255.255 192.168.1.143
end	end

And have no ideas why it can't provide working link setup that is hooked/wired properly (hardware setup/wiring is the same as was used for pseudowire).

But now STUN shows a lot of debug data and packet counters grow.

R1:

2811_1#show stun
This peer: 192.168.168.143
Serial0/2/0  (group 102 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed              0         0         0

Serial0/3/0  (group 101 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed          81563    326257       192

R2:

2811_2#show stun
This peer: 192.168.168.144
Serial0/2/0  (group 102 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed              0         0         0

Serial0/3/0  (group 101 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed          80568    322283       633

I am plugged to serial 0/3/0 interfaces of course. Both interfaces are up/up and can ping each other.

STUN debug output is attached.

Any ideas please how to run link in STUN mode? Thanks!

jihicks · ‎10-18-2017

Hi,

The STUN route statement under the serial interface needs to point at the STUN peer IP address of the other STUN router, Here is the configuration:

router 1:

stun peer-name 192.168.168.143
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.144
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.144
no shut
!
interface loopback 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
no shut

====================================================
Router 2:

stun peer-name 192.168.168.144
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.143
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.143
no shut
!
interface loopback 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.144
no shut

Best Regards,

Jim

WiressFriendly · ‎10-19-2017

Thanks a lot Jim, you're right. Issue resolved.