GRE tunnel behind Nat

jfeo
Level 1

I am trying to set up a GRE tunnel behind a service provider's router: CiscoRouter3900 > ATT DSL Router > INTERNET > Headend CiscoRouter 3900

Port 47 is open on the ATT DSL router, but I am still getting up/down status.


Hello,

Post the configurations of both routers. Is this GRE only? Otherwise you might need UDP 500 and/or TCP 1723 as well...

Yes, GRE only. I can ping the WAN IP address from either site.

Head end

interface Tunnel1
description TEST_IPICS
ip address 10.10.1.1 255.255.255.252
ip pim sparse-mode
keepalive 3 2
tunnel source GigabitEthernet0/1
tunnel destination xx.xx.xx.xx
tunnel path-mtu-discovery
end

Remote site

interface Tunnel1
description TEST_IPICS
ip address 10.10.1.2 255.255.255.252
ip pim sparse-mode
keepalive 3 2
tunnel source GigabitEthernet0/0
tunnel destination xx.xx.xx.xx
tunnel path-mtu-discovery
end

Hello,

Try the below (additions in bold):

Head End

interface Tunnel1
description TEST_IPICS
ip address 10.10.1.1 255.255.255.252
ip mtu 1400
tunnel mode gre ip
ip pim sparse-mode
keepalive 3 2
tunnel source GigabitEthernet0/1
tunnel destination xx.xx.xx.xx
tunnel path-mtu-discovery
end

Remote site

interface Tunnel1
description TEST_IPICS
ip address 10.10.1.2 255.255.255.252
ip mtu 1400
tunnel mode gre ip
ip pim sparse-mode
keepalive 3 2
tunnel source GigabitEthernet0/0
tunnel destination xx.xx.xx.xx
tunnel path-mtu-discovery
end

Added, no change. I had this working when the remote site wasn't behind a NAT.

Port forwarding only on 47.

Hello,

Which traffic is being translated? Post the full configs of both sites...

The Headend is directly connected to the ISP. The Remote site is behind a router giving out a DHCP address.

Both configs are standard. Basically it would be like if you put a Cisco router behind your Linksys router and tried to establish a GRE tunnel.

interface Tunnel1
description IPICS
ip address 10.10.1.2 255.255.255.252
ip mtu 1400
ip pim sparse-mode
keepalive 3 2
cdp enable
tunnel source GigabitEthernet0/0
tunnel destination xx.xx.xx.xx
tunnel path-mtu-discovery
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp 
duplex auto
speed auto
!

ip route 10.10.10.10 255.255.255.255 Tunnel1
ip route 192.168.1.0 255.255.255.0 Tunnel1
ip route 0.0.0.0 0.0.0.0 dhcp

Hello,

You need to put the ATT DSL router in bridge mode for this to work. What is the IP address assigned to GigabitEthernet0/0?

It gets a DHCP address, 192.168.0.xxx, gateway 192.168.0.254.

I have port 47 port-forwarded to 192.168.0.xxx.

Hello,

That is the problem. Your tunnel source is now a private IP address, while on the other side it is a public address; that is why the tunnel won't come up. Is it an option to put the modem/DSL router in bridge mode?

What type/brand is the ATT DSL router?

Or, actually, what is the purpose of the ATT DSL router as an addition to your existing network?

Basically I am trying to set up a GRE tunnel from my house while still using my existing network.

It is an ATT NVG599.

OK, that makes sense. The NVG599 has a coax connector, right? So you cannot simply hook up your Cisco...

Putting the NVG599 in bridge/passthrough mode is fairly easy. That way, your Cisco will work with the tunnel as you originally configured it.

Have a look here for instructions:

http://www.dslreports.com/faq/17734

a.alekseev
Level 7

GRE does not use port 47.

47 is a protocol number.

As a workaround, you can try IPSec (VTI) instead of GRE.
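
The protocol-number point in the reply above, shown as an added example that is not part of the original thread: a GRE packet carries 47 in the IPv4 protocol field and has no layer-4 port, so a rule that forwards TCP/UDP port 47 never sees it. The packets are constructed samples, and `port_forward_matches` is a simplified, assumed model of a generic port-forward rule, not the NVG599's actual logic.

```python
import struct

GRE, TCP, UDP = 47, 6, 17  # IANA IP protocol numbers

def ipv4(proto, payload, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x14"):
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def classify(packet):
    """Return (ip_protocol, dst_port_or_None, description) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, l4 = packet[9], packet[ihl:]   # byte 9 is the protocol field
    if len(l4) < 4:
        raise ValueError("truncated payload")
    if proto in (TCP, UDP):
        dport = struct.unpack("!H", l4[2:4])[0]
        return proto, dport, f"{'TCP' if proto == TCP else 'UDP'} dst port {dport}"
    if proto == GRE:
        # GRE base header: 16 bits of flags/version, then the inner ethertype
        flags_ver, inner = struct.unpack("!HH", l4[:4])
        return proto, None, f"GRE v{flags_ver & 7}, inner ethertype 0x{inner:04x}"
    return proto, None, "other IP protocol"

def port_forward_matches(packet, fwd_port=47):
    """Simplified model (assumption): the rule matches only a TCP/UDP dst port."""
    proto, dport, _ = classify(packet)
    return proto in (TCP, UDP) and dport == fwd_port

# Constructed samples: one GRE packet, plus TCP and UDP packets to port 47
GRE_PKT = ipv4(GRE, struct.pack("!HH", 0, 0x0800) + b"\x00" * 20)
TCP_PKT = ipv4(TCP, struct.pack("!HHIIBBHHH", 40000, 47, 0, 0, 0x50, 0x02, 65535, 0, 0))
UDP_PKT = ipv4(UDP, struct.pack("!HHHH", 40000, 47, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("GRE", GRE_PKT), ("TCP/47", TCP_PKT), ("UDP/47", UDP_PKT)):
        print(f"{name:7} {classify(pkt)[2]:38} forwarded={port_forward_matches(pkt)}")
```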