Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1584
Views
0
Helpful
6
Replies

GRE through a firewall

mulhollandm
Level 1
Level 1

‎07-24-2007 02:30 PM - edited ‎03-03-2019 06:00 PM

folks

i'm trying to set up a a GRE tunnel through a firewall but hitting some difficulties

i'm using loopback addresses at both ends and then an ip address per interface

i have routing between the two loopbacks and a trace from either to the other is hitting the firewall

i haven't put in any routes for the 2 physical addresses as they are both on the same 30 bit network and should see each other if the loopbacks can

is this right?

if not what else do i need to do and how can i check it out

i'm a bit curious as to how the two physical addresses are supposed to see each other

thanks to anyone taking the time to reply

Labels:
0 Helpful
6 Replies 6

paolo bevilacqua
Hall of Fame
Hall of Fame

‎07-24-2007 02:54 PM

Hi,

can you do a litte diagram of you network with addresses and config snippet ?

Also importan have you configure the firewall to let gre pass ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎07-24-2007 02:59 PM

Michael

I am slightly confused about your situation. You describe the traffic from one interface to the other as going through a firewall and then you seem to describe tham as being on the same /30 subnet. How can they be in the same subnet and be going through a firewall?

You will probably need some access rule in the firewall. You could either just permit traffic from 1 IP to the other, or you could permit GRE which is IP protocol 47.

Perhaps you can clarify your topology and environment so that we can help give you better answers.

HTH

Rick

HTH

Rick
0 Helpful

mulhollandm
Level 1
Level 1
In response to Richard Burts

‎07-24-2007 03:46 PM

thought i have already responded to this but can't see it so here goes again!

i've attached a diagram with IPs suitably amended

i have 2 firewall rules from loopback to lookback for IP 47 and i can ping from one to the onther through the firewall

thanks for your help

Preview file
34 KB
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mulhollandm

‎07-25-2007 06:31 PM

Michael

I have looked at the diagram that you posted and it clarifies parts of what we need to know but leaves some questions. I see that the diagram shows the loopback addresses as /32 host addresses and this can be just fine. But the drawing shows the tunnel destination as the remote loopback with a /30 mask. I still do not understand that inconsistency. If the local router believes that the tunnel destination is is a subnet that is connected on the loopback interface then the packets for the GRE tunnel will never be transmitted outside of the router.

Perhaps you can clarify the addressing issue? It would also help if you could post the output of show ip route from both of the routers.

HTH

Rick

HTH

Rick
0 Helpful

mulhollandm
Level 1
Level 1
In response to Richard Burts

‎07-26-2007 07:37 AM

rick

many thanks for your reply

i got the tunnel up by removing it and re configuring it

i also made a route changes so again thanks for your help - i think my diagram my be slightly out

i'm now looking the relevant command to troubleshoot traffic on the tunnel!

thanks again

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mulhollandm

‎07-26-2007 07:52 AM

Michael

I am glad that you now have the tunnel working. Sometimes removing and re-configuring is a good approach to resolve issues where something is not working. It sometimes helps you to rethink what you are trying to accomplish.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card