03-08-2013 08:30 AM - edited 03-04-2019 07:14 PM
I am doing a booth at the end of this month. They have public WIFI access. I'd like to bring some phones with me to connect back to my hub router. My thoughts are to connect my laptop to the wifi, bridge the wireless card to the LAN card, and then connect my 871W to the laptop. Then just have a multipoint GRE tunnel from the 871W back to the hub. Anyone see any issues with the setup?
03-10-2013 05:44 AM
Your GRE is going to be from your laptop to hub router or 871W to hub router?
You could test it out at a friend's wifi or at Barnes and Noble etc.
HTH.
03-10-2013 11:18 AM
It will be 871W to hub router. The laptop is going to be serving as the internet connection for the 871W. Yeah, I'm gonna take it down the street and test it.
03-10-2013 03:44 PM
OK, so 871W piggybacking laptop didn't establish a tunnel. I took the router inside and plugged directly into friends wireless router, yet still no results. Can a GRE tunnel spoke establish a tunnel when it's behind NAT? I'm reading yes and no and kind of confused.
03-10-2013 05:19 PM
You can try terminating IPSec or PPTP from your laptop to the Hub router.
I am not sure when you say bridge the two intrfaces, the router would share the address with your laptop interface or not. Behind the NAT or not, GRE would originate packets from it's own interface address. if it's NATed, checksum would change so checksum may be disabled in the first place.
Thanks.
03-10-2013 10:33 PM
Ok, so establish a VPN connection using the Cisco VPN client on the laptop, then plug the 871w into the wired Nic of the laptop for the GRE?
Sent from Cisco Technical Support iPhone App
03-11-2013 05:49 AM
Once you have an IPSec tunnel across I don't think there would be a need for a GRE then.
Thanks.
03-11-2013 12:55 PM
Well there would be since I need to do some routing across that tunnel. There will be multiple devices behind the 871w. Do GRE tunnel spokes work behind NAT?
Sent from Cisco Technical Support iPhone App
03-11-2013 01:09 PM
Hello Robert,
Yes, GRE tunnels work behind NAT.
Best Regards
Please rate all helpful posts and close solved questions
03-11-2013 03:56 PM
Try bringing your GRE up with keepalives disabled.
Sent from Cisco Technical Support iPhone App
03-14-2013 10:10 PM
OK, so I am at a loss here. Attached are the configs from the hub and spoke. For the love me, I can't get this thing to establish. Does anyone see where I am goofing?
Spoke
interface Tunnel1
description Tunnel to Craig House GRE
ip address 10.10.20.2 255.255.255.0
ip mtu 1472
ip nhrp map 10.10.20.1 68.3.X.X
ip nhrp map multicast 68.3.X.X
ip nhrp network-id 1
ip nhrp nhs 10.10.20.1
ip tcp adjust-mss 1400
ip ospf network broadcast
tunnel source FastEthernet4
tunnel key XX
end
Hub
interface Tunnel5
description Test DMVPN
ip address 10.10.20.1 255.255.255.0
no ip redirects
ip mtu 1472
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1400
ip ospf network broadcast
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key XX
The only thing out of "debug tunnel" on the spoke is below.
*Mar 5 07:43:19.284: Tunnel1 count tx, adding 0 encap bytes
*Mar 5 07:43:22.209: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar 5 07:43:22.209: Tunnel1 count tx, adding 0 encap bytes
*Mar 5 07:43:23.477: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar 5 07:43:28.978: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar 5 07:43:31.375: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar 5 07:43:31.375: Tunnel1 count tx, adding 0 encap bytes
*Mar 5 07:43:34.479: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar 5 07:43:39.981: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar 5 07:43:41.077: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar 5 07:43:41.077: Tunnel1 count tx, adding 0 encap bytes
03-15-2013 12:28 AM
Hello Robert,
From information you have provided it seems that configuration is ok, except one thing.
Spoke
interface Tunnel1
tunnel mode gre multipoint is mising, default mode is mode gre ip, i think.
If this will not help, try to follow this tutorial step by step ->
http://www.fir3net.com/Cisco-Router/dmvpn-tutorial.html
Best Regards
Please rate all helpful posts and close solved questions
03-15-2013 12:40 AM
Your missing the tunnel destination on the spoke tunnel interface for the hub
Sent from Cisco Technical Support iPad App
03-15-2013 10:34 AM
OK, so everything I've configured seems like it should work. Below is the spoke router config. I know the router config is very simple, but this is just for testing. When the tunnel actually comes up, I'll do a lot more. I am thinking that maybe I need to configure NAT on the spoke and source the tunnel from a Loopback?
Router#show run
Building configuration...
Current configuration : 1920 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T8.bin
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
no ip subnet-zero
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username craigrobertlee privilege 15 password 0 HHCimo!@#$1234
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Loopback0
ip address 192.168.0.10 255.255.255.255
!
interface Tunnel1
description Tunnel to Craig House GRE
ip address 10.10.20.2 255.255.255.0
no ip redirects
ip mtu 1472
ip nhrp map 10.10.20.1 68.3.X.X
ip nhrp map multicast 68.3.X.X
ip nhrp network-id 1
ip nhrp nhs 10.10.20.1
ip tcp adjust-mss 1400
ip ospf network broadcast
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 50
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 50
switchport voice vlan 50
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
shutdown
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
passive-interface default
no passive-interface Tunnel1
network 10.10.20.0 0.0.0.255 area 0
network 192.168.0.10 0.0.0.0 area 0
network 192.168.50.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 192.168.4.0 255.255.255.0 10.10.20.1 name Test
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
!
scheduler max-task-time 5000
end
Router#exit
03-15-2013 11:08 AM
Hello Robert,
Did your configuration work? Is tunnel interface operational?
Yes, you will have to configure NAT, entire traffic needs to be translated to WAN (Fa4) IP address. Also tunnel interface must be sourced from Fa4 interface.
Reason for this is, that you obtain IP from DHCP (like laptop) and you need to hide entire traffic behind this IP address, cause if you dont, traffic will arrive on wifi default gateway and will be dropped as unknown.
Best Regards
Please rate all helpful posts and close solved questions
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide