I setup a GRE tunnel between two cisco 2621 routers. They are both
running IOS c2600-advsecurityk9-mz.123-6c.bin. When I do a show ip int
brief they both show up/up. I can ping the tunnel address that the router
resides on but not the distant end. This is true for both routers. I can also
ping both the source and destination of the tunnel from both routers. So I
know that there shouldn't be any recurvise routing problems. My configs are listed below.
ip address 10.15.65.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 126.96.36.199
ip address 188.8.131.52 255.255.255.248
no ip mroute-cache
ip route 184.108.40.206 255.255.255.255 220.127.116.11
ip address 10.15.65.65 255.255.255.0
tunnel source Dialer2
tunnel destination 18.104.22.168
ip address negotiated
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip inspect to_internet out
dialer pool 2
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username XXXXXXXX
ip route 22.214.171.124 255.255.255.255 dialer2
The fastethernet port of the router at your end has a public ip address and is connected to Internet(possibly). While the tunnel ip addresses are private ip addresses. Hence when you ping the tunnel ip address at the other end the packet won't be routed by your ISP. I don't see any Natting configuration on the fastethernet port of your router. I think if you do Natting on fastethernet port to NAT the tunnel interface ip address this should resolve or either you may configure IPSEC tunnel with ESP option between the WAN interfaces at both ends.
A GRE Tunnel will always be up but you can configure a keepalive to verify if it is a routing problem.
Could you do this on the side where you initiate the ping:
debug ip icmp
debug ip pack 199
access-list 199 permit icmp any any
logging buff 7
logging buff 100000
no logging con 7
then do your ping and issue following: sh log and post output here.
Don't forget to rate helpful posts.
I came upon your POST last night and was hoping to try out your suggestions.
I keyed in debug ip icmp.
As soon as I keyed in debug ip pack 199, my C1921 router was unavailable from SSH. I'm assuming this debug pegged the CPU. I had to visit client onsite this morning to reboot the router.
I'm still having similar issues, but just wanted you to know.