Two default routes and GRE tunnel does not work

leomni
Level 1

If I have the 126.139.5.225 default route, the GRE tunnel will not work from one of the computers on the LAN side. Can anyone help me?

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

ip audit po max-events 100

!

crypto isakmp policy 10

authentication pre-share

group 2

lifetime 3600

crypto isakmp key xxxxx address xxxxxxxxxxxxxxxx

crypto isakmp key xxxxx address xxxxxxxxxxxxxxxx

crypto isakmp key xxxx address xxxxxxxxxxxxxxxx

!

crypto ipsec transform-set des esp-des esp-md5-hmac

!

crypto map xxxxxxxxx 10 ipsec-isakmp

set peer xxxxxxxxxxxxxxx

set peer xxxxxxxxxxxxxxx

set peer xxxxxxxxxxxxxxxxx

set transform-set des

match address 150

!

interface Tunnel0

description to xxxxxxxxxx

ip address 10.10.151.2 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

tunnel source FastEthernet0/0

crypto map xxxxxxxx

!

interface Tunnel1

description Tunnel to xxxxxxx

bandwidth 10000

ip address 10.10.152.2 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

tunnel source FastEthernet0/0

tunnel destination xxxxxxxxxxxxxxxxxxx

crypto map xxxxxx

!

interface Tunnel2

description GRE tunnel to xxxxx

bandwidth 10000

ip address 10.10.153.2 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

tunnel source FastEthernet0/0

tunnel destination xxxxxxxxxxxxxxxxxx

crypto map xxxxxx

!

interface Tunnel3

description To xxxxxxxxx

ip address 10.199.0.34 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

tunnel source FastEthernet0/0

tunnel destination xxxxxxxxxxxxxxxxxxxx

crypto map xxxxxxx

!

interface FastEthernet0/0

ip address 126.139.x.x.255.255.248

ip nat outside

duplex auto

speed auto

crypto map xxxxxxx

!

interface Serial0/0

bandwidth 1536

ip address 126.139.x.x.x.255.252

ip verify unicast source reachable-via rx 2000

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

no ip mroute-cache

down-when-looped

no fair-queue

service-module t1 timeslots 1-24

no cdp enable

!

interface FastEthernet0/1

ip address 10.1.0.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source list 102 interface Serial0/0 overload

ip nat inside source static tcp 10.1.0.3 3389 126.x.x.114 3389 extendable

ip nat inside source static tcp 10.1.0.20 1494 126.x.x.114 1494 extendable

ip nat inside source static tcp 10.1.0.20 443 126.x.x.114 443 extendable

ip nat inside source static tcp 10.1.0.3 3389 126.x.x.226 3389 extendable

ip nat inside source static tcp 10.1.0.254 23 126.x.x.114 23 extendable

ip nat inside source static tcp 10.1.0.254 23 126.x.x.226 23 extendable

ip nat inside source static tcp 10.1.0.20 1494 126.x.x.226 1494 extendable

no ip http server

no ip http secure-server

ip classless

ip route 0.0.0.x.xx.0 126.139.47.113

ip route 0.0.0.x.x.x.0 126.139.5.225

ip route 10.1.x.xx.255.0 Tunnel1

ip route 10.x.x.0 255.255.255.0 Tunnel3

ip route 10.x.151.0 255.255.255.0 Tunnel0

ip route 10.x.x.0 255.255.255.0 Tunnel1

ip route 10.x.153.0 255.255.255.0 Tunnel2

ip route 10.x.x.0 255.255.255.0 Tunnel3

!

access-list 101 permit tcp any any

access-list 101 permit ip any any

access-list 102 permit ip any any

access-list 150 permit gre host 126.x.47.114 host xxxxxxxxxxxxxxxxx

access-list 150 permit gre host 126.x.47.114 host xxxxxxxxxxxxxxxxxxxxxxxx

access-list 150 permit gre host 126.x.47.114 host xxxxxxxxxxxxxxxxxxx

3 Replies

Fernando_Meza
Level 7

You need to add static routes for your peers used on the Tunnel interfaces (tunnel destination) also, i.e.

ip route 255.255.255.255 126.139.47.113

I hope it helps. Please rate it if it does!

Haha ... I forgot, please remove this one too:

no ip route 0.0.0.0 0.0.0.0 126.139.47.113

Your tunnels were going down because they are trying to go out by the serial interface instead of the F0/0.

Hi

Not sure whether it's a typo, but you are missing the tunnel destination under Tunnel 0, which is very much required to get the tunnel up.

interface Tunnel0

description to xxxxxxxxxx

ip address 10.10.151.2 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

tunnel source FastEthernet0/0

crypto map xxxxxxxx

Hope you can get your Tunnel 0 up once you add the tunnel destination under the same.

Also, as Fernando mentioned, don't point default routes via the next hop; only route the tunnel destination IPs via the next hop, and point your default routes, if needed, towards the tunnel, and also the remote LANs which are required to be routed via the tunnel.

regds
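
A small offline check for the two problems the replies point out (a tunnel with no `tunnel destination`, and tunnel peers reachable only through competing default routes), as an added example that is not part of the original thread. The `audit` function and the peer addresses in the sample config are assumptions; the peers use documentation ranges because the post redacts them.

```python
import ipaddress
import re

# Constructed sample: peer addresses are placeholders from documentation
# ranges; the two next hops are the ones quoted in the thread.
SAMPLE = """\
interface Tunnel0
 tunnel source FastEthernet0/0
interface Tunnel1
 tunnel source FastEthernet0/0
 tunnel destination 203.0.113.10
interface Tunnel2
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.20
ip route 0.0.0.0 0.0.0.0 126.139.47.113
ip route 0.0.0.0 0.0.0.0 126.139.5.225
ip route 198.51.100.20 255.255.255.255 126.139.47.113
"""

def audit(config):
    """Return (tunnel, problem) pairs for tunnels with an ambiguous underlay path."""
    tunnels, routes, current = {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (Tunnel\d+)", line):
            current = m.group(1)
            tunnels[current] = None          # destination not seen yet
        elif m := re.match(r"\s+tunnel destination (\S+)", line):
            if current:
                tunnels[current] = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((net, m.group(3)))
        elif not line.startswith(" "):
            current = None                   # left the interface block
    defaults = [hop for net, hop in routes if net.prefixlen == 0]
    findings = []
    for name, dest in tunnels.items():
        if dest is None:
            findings.append((name, "no tunnel destination"))
            continue
        # A non-default static route covering the peer pins the egress path.
        pinned = any(net.prefixlen > 0 and dest in net for net, _ in routes)
        if not pinned and len(defaults) > 1:
            findings.append((name, f"peer reachable only via {len(defaults)} default routes"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```
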
