05-04-2006 05:25 AM - edited 03-09-2019 02:48 PM
If I have the 126.139.5.225 default routes the GRE tunnel will not work
from one the computers on the LAN side. Can anyone help me.
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
ip audit po max-events 100
!
crypto isakmp policy 10
authentication pre-share
group 2
lifetime 3600
crypto isakmp key xxxxx address xxxxxxxxxxxxxxxx
crypto isakmp key xxxxx address xxxxxxxxxxxxxxxx
crypto isakmp key xxxx address xxxxxxxxxxxxxxxx
!
crypto ipsec transform-set des esp-des esp-md5-hmac
!
crypto map xxxxxxxxx 10 ipsec-isakmp
set peer xxxxxxxxxxxxxxx
set peer xxxxxxxxxxxxxxx
set peer xxxxxxxxxxxxxxxxx
set transform-set des
match address 150
!
interface Tunnel0
description to xxxxxxxxxx
ip address 10.10.151.2 255.255.255.252
no ip route-cache cef
no ip route-cache
no ip mroute-cache
tunnel source FastEthernet0/0
crypto map xxxxxxxx
!
interface Tunnel1
description Tunnel to xxxxxxx
bandwidth 10000
ip address 10.10.152.2 255.255.255.252
no ip route-cache cef
no ip route-cache
no ip mroute-cache
tunnel source FastEthernet0/0
tunnel destination xxxxxxxxxxxxxxxxxxx
crypto map xxxxxx
!
interface Tunnel2
description GRE tunnel to xxxxx
bandwidth 10000
ip address 10.10.153.2 255.255.255.252
no ip route-cache cef
no ip route-cache
no ip mroute-cache
tunnel source FastEthernet0/0
tunnel destination xxxxxxxxxxxxxxxxxx
crypto map xxxxxx
!
interface Tunnel3
description To xxxxxxxxx
ip address 10.199.0.34 255.255.255.252
no ip route-cache cef
no ip route-cache
no ip mroute-cache
tunnel source FastEthernet0/0
tunnel destination xxxxxxxxxxxxxxxxxxxx
crypto map xxxxxxx
!
interface FastEthernet0/0
ip address 126.139.x.x.255.255.248
ip nat outside
duplex auto
speed auto
crypto map xxxxxxx
!
interface Serial0/0
bandwidth 1536
ip address 126.139.x.x.x.255.252
ip verify unicast source reachable-via rx 2000
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no ip mroute-cache
down-when-looped
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
interface FastEthernet0/1
ip address 10.1.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source list 102 interface Serial0/0 overload
ip nat inside source static tcp 10.1.0.3 3389 126.x.x.114 3389
extendable
ip nat inside source static tcp 10.1.0.20 1494 126.x.x.114 1494
extendable
ip nat inside source static tcp 10.1.0.20 443 126.x.x.114 443
extendable
ip nat inside source static tcp 10.1.0.3 3389 126.x.x.226 3389
extendable
ip nat inside source static tcp 10.1.0.254 23 126.x.x.114 23
extendable
ip nat inside source static tcp 10.1.0.254 23 126.x.x.226 23
extendable
ip nat inside source static tcp 10.1.0.20 1494 126.x.x.226 1494
extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.x.xx.0 126.139.47.113
ip route 0.0.0.x.x.x.0 126.139.5.225
ip route 10.1.x.xx.255.0 Tunnel1
ip route 10.x.x.0 255.255.255.0 Tunnel3
ip route 10.x.151.0 255.255.255.0 Tunnel0
ip route 10.x.x.0 255.255.255.0 Tunnel1
ip route 10.x.153.0 255.255.255.0 Tunnel2
ip route 10.x.x.0 255.255.255.0 Tunnel3
!
access-list 101 permit tcp any any
access-list 101 permit ip any any
access-list 102 permit ip any any
access-list 150 permit gre host 126.x.47.114 host xxxxxxxxxxxxxxxxx
access-list 150 permit gre host 126.x.47.114 host
xxxxxxxxxxxxxxxxxxxxxxxx
access-list 150 permit gre host 126.x.47.114 host xxxxxxxxxxxxxxxxxxx
05-04-2006 06:26 PM
You need to add static routes for your peers used on the Tunnel interfaces ( tunnel destination ) also i.e
ip route
I hope it helps .. please rate it if it does !!!
05-04-2006 06:30 PM
hhaaa ... I forgot please remove this one too
no ip route 0.0.0.0 0.0.0.0 126.139.47.113
your tunnels were going down because they are trying to go out by the serial interface instead of the F0/0
05-04-2006 10:29 PM
Hi
Not sure whether its a typo you are missing tunnel destination under Tunnel 0 which is very much required to get the tunnel up..
interface Tunnel0
description to xxxxxxxxxx
ip address 10.10.151.2 255.255.255.252
no ip route-cache cef
no ip route-cache
no ip mroute-cache
tunnel source FastEthernet0/0
crypto map xxxxxxxx
hope you can get your tunnel 0 up once you add on tunnel destination under the same.
Also as fernando mentioned dont point default routes via the next hop,only route the tunnel destination ips via the next hop and point your default routes if needed towards the tunnel and also the remote lans which is required to be routed via the tunnel..
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide