I have installed a GNS3 lab and I have configured the routers for a GRE tunnel over IPsec, as seen in the attached picture.
Attached you can see the configurations of R3, R1, R7, and R4.
The problem is that with this setup the tunnels are up but I cannot ping from PC2 (192.168.1.2) to PC1 (192.168.2.2).
When I put the loopback IP of R4 in the tunnel destination, I receive a recursive routing problem, which I can't resolve.
When I put the R3 fa0/0 IP address in the tunnel source and the R4 fa0/1 IP address in the tunnel destination (and vice versa), the tunnels are up and I can ping from PC2 to PC1.
I would like to put the loopback IP addresses of the routers in the tunnel source and tunnel destination as the best solution, but I receive a "recursive routing" error, and I can't find where my configuration is wrong.
Can you help me?
Sorry for the misunderstanding. What I meant to say is: whatever address or interface you use as tunnel source and/or destination must be reachable in your network NOT through the tunnel. That is when recursive routing occurs. In your case, if you want to use the loopback interfaces as sources, make sure there is a route to them within your network, and that route must not include the tunnel. I labbed your setup, and the only way I could accomplish that is by adding static host routes on both R7 and R1:
ip route 18.104.22.168 255.255.255.255 Serial2/0
ip route 22.214.171.124 255.255.255.255 FastEthernet0/0
ip route 126.96.36.199 255.255.255.255 FastEthernet0/0
ip route 188.8.131.52 255.255.255.255 Serial2/0
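The recursive-routing condition described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed routing table that reports whether the tunnel destination resolves out of the tunnel itself. The addresses (documentation ranges), the interface name Tunnel0 and the function names are assumptions, not values from the posted configs.

```python
import ipaddress

def egress_interface(routes, dest, depth=0):
    """Return the interface the longest-prefix match for dest leaves through.

    routes: list of (prefix, via); via is an interface name or a next-hop IP,
    which is resolved through the same table. Returns None if unroutable.
    """
    if depth > 8:  # give up on looping next-hop chains
        return None
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), via) for p, via in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, via = max(matches, key=lambda m: m[0].prefixlen)
    try:
        ipaddress.ip_address(via)
    except ValueError:
        return via  # not an IP, so it is an interface name
    return egress_interface(routes, via, depth + 1)

def tunnel_is_recursive(routes, tunnel_if, tunnel_dest):
    """True when the best path to the tunnel destination is the tunnel itself."""
    return egress_interface(routes, tunnel_dest) == tunnel_if

# Constructed sample table for one tunnel endpoint (not from the thread).
BROKEN = [
    ("198.51.100.0/30", "FastEthernet0/0"),  # connected transport link
    ("172.16.0.0/30", "Tunnel0"),            # connected tunnel subnet
    ("203.0.113.0/24", "172.16.0.2"),        # peer loopback net learned over the tunnel
    ("0.0.0.0/0", "198.51.100.2"),           # default route via the transport link
]
# Fix in the spirit of the reply: a host route that keeps the tunnel
# destination on the physical path, winning by longest prefix.
FIXED = BROKEN + [("203.0.113.4/32", "FastEthernet0/0")]

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "recursive:", tunnel_is_recursive(table, "Tunnel0", "203.0.113.4"))
```
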
I have implemented all these nice things that you have told me, and in the attached files you can see the configurations of R3 and R4.
Now, as you can see, I can ping the tunnel destination of both R3 and R4 (R3:184.108.40.206 and R4:220.127.116.11), but I can't ping the LAN IP addresses of the respective routers. I suppose these pings will pass through the GRE tunnel (172.16.0.1 from R3 and 172.16.0.2 from R4), but the pings fail!
My friend gpauwen, I would like to thank you for the corrections that you have made to the configs.
I copied your corrections and the lab works fine!
I think that the main problem was the command below:
In my config I had the 192.168.5.2 IP address and not the 18.104.22.168.
Thank you very much for your help!
crypto isakmp key cisco123! address 22.214.171.124
To be honest, I am not sure if some of the problems are GNS3 specific. Either way, (static) virtual tunnel interfaces do not work when the transport set is configured for 'mode transport'; you have to configure 'mode tunnel'.
Anyway, it works; the idea is of course that xVTIs are much easier to configure than VPNs with crypto maps, interesting traffic, etc.
Good luck with this and other labs!
There are a few things to consider:
Does Router 3 have a route to the source and destination? If not, then you need to fix this. This can be done with a static route or with dynamic routing (OSPF, EIGRP, etc.). Ensure that on Router 3, you have a route to the source and destination. The loopback should be directly connected, so that shouldn't be a problem.
Does Router 1 have a route to the source and destination (tunnel source/destination)? If not, then you need to fix this. This can be done with a static route or with dynamic routing (OSPF, EIGRP, etc.). Ensure that on Router 1, you have a route to the source and destination.
Same for Router 7 and Router 4: ensure that each specific router has a path (route) to source and destination. Once you fix this, I believe you should be good to go. Sorry I didn't give you the specific answer, but I think you have the knowledge to fix this based on the information you already posted.