
GRE Tunnel not working in my test environment

wrainwater

I set up 5 routers: one hub server, three spokes and a middle router (emulating the cloud).

 


 

 

 

 

Here are my configs:

 

R1 (Hub) 37251

interface Tunnel0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 12345
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345

 

router ospf 1
log-adjacency-changes
network 200.10.0.0 0.0.0.255 area 0
end

 

interface FastEthernet0/0
ip address 200.10.0.1 255.255.255.0
duplex auto
speed auto
end

 

R2 (Spoke1) name 27252

interface Tunnel0
ip address 192.168.0.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 12345
end

 

interface FastEthernet1/0
ip address 25.0.0.2 255.0.0.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 25.0.0.0 0.255.255.255 area 0
!

 

R3 37253

interface Tunnel0
ip address 192.168.0.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 12345
!

interface FastEthernet1/0
ip address 35.0.0.3 255.0.0.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 35.0.0.0 0.255.255.255 area 0

 

R4 37255


interface Tunnel0
ip address 192.168.0.4 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345

 

interface FastEthernet0/0
ip address 45.0.0.4 255.0.0.0
speed 100
full-duplex

 

router ospf 1
log-adjacency-changes
network 45.0.0.0 0.255.255.255 area 0

 

R5 (Middle internet router)

interface FastEthernet0/0
ip address 45.0.0.5 255.0.0.0
ip ospf 1 area 0
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 200.10.0.5 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 25.0.0.5 255.0.0.0
ip ospf 1 area 0
speed auto
full-duplex
!
interface FastEthernet2/0
ip address 35.0.0.5 255.0.0.0
ip ospf 1 area 0
duplex auto
speed auto
!

 

When I do a show ip nhrp command on the Hub router I get no output

 

#Show Ip nhrp

 

 

I also got this constant flapping: 

*Mar 1 02:40:51.171: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /200.10.0.1, src_addr= 45.0.0.4, prot= 47

 

Any helpful tips would be great. Thanks.

 

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

I didn't find the overlay routing configuration in your network configuration.

Let's start with an EIGRP configuration (you may go with Static/OSPF/BGP):

HUB:

router eigrp 1
eigrp router-id 1.1.1.1
no auto-summary
network 192.168.0.0
network <LAN Subnet>

interface Tunnel0
no ip split-horizon eigrp 1

Spoke:

router eigrp 1
eigrp router-id 2.2.2.2
no auto-summary
network 192.168.0.0
network <LAN Subnet>

and try again.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

I have OSPF  configured in my setup. Will that not work?

Hi,

In the configuration you shared, OSPF is enabled on the WAN interface, not for the DMVPN.

router ospf 1
log-adjacency-changes
network 45.0.0.0 0.255.255.255 area 0

Regards,

Deepak Kumar

Deepak is absolutely right. Add the subnet of the tunnels to all your OSPF processes. 

 

router ospf 1
network 192.168.0.0 0.0.0.255 area 0

 

I labbed your setup in GNS3, it works fine (except for the missing subnet in OSPF)...
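A way to check for the gap identified in the answers above before deploying, as an added example that is not part of the original thread: a Python sketch that reads an IOS-style configuration and lists addressed interfaces that no OSPF `network` statement (or per-interface `ip ospf ... area`) enables. The sample text is constructed from the hub stanzas in the question; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the hub (R1) stanzas from the question, indented IOS-style.
HUB_CONFIG = """\
interface Tunnel0
 ip address 192.168.0.1 255.255.255.0
 tunnel source FastEthernet0/0
!
interface FastEthernet0/0
 ip address 200.10.0.1 255.255.255.0
!
router ospf 1
 network 200.10.0.0 0.0.0.255 area 0
"""
FIX = " network 192.168.0.0 0.0.0.255 area 0\n"  # statement from the answer above

def parse(config):
    """Return ({interface: address as int}, {interfaces with 'ip ospf N area'},
    [(network, wildcard)]) from IOS-style text, indented or not."""
    addrs, per_if, nets, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.startswith("router ") or line == "end":
            current = None
        elif current and (m := re.match(r"ip address (\S+) \S+$", line)):
            addrs[current] = int(ipaddress.IPv4Address(m.group(1)))
        elif current and re.match(r"ip ospf \d+ area \S+", line):
            per_if.add(current)
        elif m := re.match(r"network (\S+) (\S+) area \S+", line):
            nets.append(tuple(int(ipaddress.IPv4Address(g)) for g in m.groups()))
    return addrs, per_if, nets

def uncovered_interfaces(config):
    """Interfaces that have an IP address but are not enabled for OSPF."""
    addrs, per_if, nets = parse(config)

    def covered(addr):
        # IOS wildcard mask: 1 bits are "don't care", so compare only the 0 bits.
        return any(((addr ^ net) & ~wild & 0xFFFFFFFF) == 0 for net, wild in nets)

    return [n for n, a in addrs.items() if n not in per_if and not covered(a)]

if __name__ == "__main__":
    print("as posted:", uncovered_interfaces(HUB_CONFIG))
    print("with fix: ", uncovered_interfaces(HUB_CONFIG + FIX))
```
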

Thank you both for your responses. One last question.

 

What is the difference between a GRE tunnel and an IPSec tunnel?

Thank you for your response. What is the difference between a GRE and an IPSec tunnel? 

Hello,

 

A GRE tunnel is basically what you have. It means the data is encapsulated, not encrypted.

An IPSec/GRE tunnel is a tunnel that is encrypted. Have a look at the link below to see the difference between what you have, and what an encrypted tunnel config would look like...

 

https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.html

Hi,

The basic technical differences are:

GRE: the GRE tunnel data is encapsulated, not encrypted. It adds one more IP header to the packet so that the packet can be routed over the public internet, but it is an open packet and anyone can read the packet, including your data.

GRE adds some more benefits, as it allows multicast traffic, so the administrator can use dynamic routing, multicast, etc. over the GRE tunnel. You can apply IPSec over the GRE tunnel to encrypt the traffic.

IPSec: IPSec is for encryption, integrity, and authentication. It allows only unicast/anycast traffic.

 

Regards,

Deepak Kumar
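
The "encapsulated, not encrypted" point from the two answers above, as an added example that is not part of the original thread: a Python sketch that builds a constructed GRE packet using the thread's outer addresses and tunnel key, then decodes it with no key material. The inner UDP ports and payload are constructed; the header layout follows RFC 2784 and RFC 2890.

```python
import socket
import struct

GRE_PROTO = 47  # the "prot= 47" in the hub's log line

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left 0, irrelevant to parsing) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_sample():
    """Constructed packet: spoke 45.0.0.4 -> hub 200.10.0.1, GRE key 12345."""
    data = b"constructed cleartext payload"
    udp = struct.pack("!HHHH", 40000, 9, 8 + len(data), 0) + data
    inner = ipv4("192.168.0.4", "192.168.0.1", 17, udp)
    gre = struct.pack("!HHI", 0x2000, 0x0800, 12345)  # K bit set, inner = IPv4
    return ipv4("45.0.0.4", "200.10.0.1", GRE_PROTO, gre + inner)

def parse_gre(packet):
    """Decode outer IPv4 + GRE + inner IPv4 without any secret."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer IP protocol is not GRE")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if ptype != 0x0800:
        raise ValueError("inner protocol is not IPv4")
    off = ihl + 4
    if flags & 0x8000:            # C: checksum + reserved
        off += 4
    key = None
    if flags & 0x2000:            # K: 32-bit key, carried as plain bytes
        (key,) = struct.unpack_from("!I", packet, off)
        off += 4
    if flags & 0x1000:            # S: sequence number
        off += 4
    inner = packet[off:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "key": key,
        "inner": (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])),
        "inner_proto": inner[9],
        "payload": inner[inner_ihl:],
    }

if __name__ == "__main__":
    print(parse_gre(build_sample()))
```

The tunnel key and the whole inner packet come back from a plain header walk, which is why the key serves only as a tunnel identifier and confidentiality has to come from IPSec applied over the tunnel.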
