GRE Tunnel

kmchoong
Level 1

I have 2 routers, Marvin and Champion. Both are connected via the Internet. But Champion's 192.168.3.0 subnet does not seem to be able to browse the Internet. Why?

Marvin Router

interface tunnel 0
 ip address 10.1.1.1 255.255.255.0
 tunnel source 203.1.1.1
 ip nat inside
 tunnel destination 219.11.1.1
 tunnel destination 219.12.1.1
 tunnel destination 219.13.1.1
 tunnel mode gre ip
!
interface ethernet 0
 description Internal Segment
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface serial0
 description to ISP
 ip address 203.1.1.1 255.255.255.252
 encapsulation hdlc
 ip nat outside
 bandwidth 2048
!
ip route 0.0.0.0 0.0.0.0 203.1.1.2
ip route 192.168.3.0 255.255.255.0 tunnel 0
!
ip nat inside source list 110 interface serial0 overload
!
access-list 110 permit ip 192.168.3.0 any
access-list 110 permit ip 192.168.4.0 any
access-list 110 permit ip 192.168.5.0 any
!

Champion Router

interface tunnel 0
 ip address 10.1.1.2 255.255.255.0
 tunnel source 219.11.1.1
 tunnel destination 203.1.1.1
 tunnel mode gre ip
!
interface ethernet 0
 ip address 192.168.3.1 255.255.255.0
 ip policy route-map gre
!
interface serial 0
 ip address 219.11.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 219.11.1.2
!
route-map gre permit 10
 match ip address 120
 set default interface tunnel 0
!
access-list 120 permit ip 192.168.3.0 0.0.0.255 any
!


kmchoong
Level 1

Sorry, the configuration should be as below:

Marvin Router

interface tunnel 0
 ip address 10.1.1.1 255.255.255.0
 tunnel source 203.1.1.1
 ip nat inside
 tunnel destination 219.11.1.1
 tunnel destination 219.12.1.1
 tunnel destination 219.13.1.1
 tunnel mode gre ip
!
interface ethernet 0
 description Internal Segment
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface serial0
 description to ISP
 ip address 203.1.1.1 255.255.255.252
 encapsulation hdlc
 ip nat outside
 bandwidth 2048
!
ip route 0.0.0.0 0.0.0.0 203.1.1.2
ip route 192.168.3.0 255.255.255.0 tunnel 0
ip route 192.168.4.0 255.255.255.0 tunnel 0
ip route 192.168.5.0 255.255.255.0 tunnel 0
!
ip nat inside source list 110 interface serial0 overload
!
access-list 110 permit ip 192.168.3.0 any
access-list 110 permit ip 192.168.4.0 any
access-list 110 permit ip 192.168.5.0 any
!

Champion Router

interface tunnel 0
 ip address 10.1.1.2 255.255.255.0
 tunnel source 219.11.1.1
 tunnel destination 203.1.1.1
 tunnel mode gre ip
!
interface ethernet 0
 ip address 192.168.3.1 255.255.255.0
 ip policy route-map gre
!
interface serial 0
 ip address 219.11.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 219.11.1.2
!
route-map gre permit 10
 match ip address 120
 set default interface tunnel 0
!
access-list 120 permit ip 192.168.3.0 0.0.0.255 any
!
ip route 192.168.2.0 255.255.255.0 tunnel 0
!

Not applicable

It would be easier to answer the question and identify the problem if we knew a bit more about how you intend for this network to work. Usually when I see two sites connected through the Internet with a GRE tunnel, each site sends its own traffic to the Internet and uses the tunnel to get to destinations in the other site (allowing each site to use reserved (private) address space and still communicate over the Internet). But it looks like you intend Champion to send all of its traffic (including Internet traffic) through the tunnel to Marvin. Perhaps you could clarify this part?

Looking at these configs, one of the important differences that I notice is that Marvin is configured with NAT while Champion is not. If you really intend all Internet traffic from Champion to go through the tunnel to Marvin and then to the Internet, this would not matter. If Champion is trying to send anything directly to the Internet, that is a problem.

I find some ambiguity in the configuration of Champion. If you really intend Champion to send all of its traffic through the tunnel to Marvin, then I would suggest that the default route on Champion should have as its next hop address the tunnel address on Marvin instead of having the ISP serial address as its next hop. That would also remove the need to have the Policy Based Routing which is trying to send everything through the tunnel. If you do change the default route to point through the tunnel then you will need to add a static route on Champion for the tunnel destination address:

ip route 203.1.1.1 255.255.255.255 219.11.1.2

If you are going to keep the Policy Based Routing to force traffic through the tunnel, then I would suggest that you change the set clause. You really want to set the interface (or I might prefer to set the next hop) rather than the default interface. I suspect this is the major reason that Champion is not accessing the Internet in your current configuration.

HTH

Rick
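Why the default-route change suggested in the reply above needs a host route for the tunnel destination, as an added example that is not part of the original thread: once Champion's default route points into the tunnel, the GRE endpoint 203.1.1.1 itself resolves through Tunnel0 (recursive routing) unless a more specific route sends it to the ISP. The route tables are constructed from Champion's posted config, the ISP next hop 219.11.1.2 is the one in its existing default route, and the function and variable names are illustrative.

```python
import ipaddress

# Champion's connected networks, taken from the posted interface addresses.
CONNECTED = [
    ("219.11.1.0/30", "Serial0"),
    ("10.1.1.0/24", "Tunnel0"),
    ("192.168.3.0/24", "Ethernet0"),
]
TUNNEL_DESTINATION = "203.1.1.1"   # Marvin's serial address
PROBE = "198.51.100.10"            # constructed Internet destination

# Three static-route variants for Champion (each entry: prefix, next hop or interface).
POSTED = CONNECTED + [("0.0.0.0/0", "219.11.1.2")]
DEFAULT_VIA_TUNNEL = CONNECTED + [("0.0.0.0/0", "10.1.1.1")]
WITH_HOST_ROUTE = DEFAULT_VIA_TUNNEL + [("203.1.1.1/32", "219.11.1.2")]

def egress_interface(routes, dst, depth=0):
    """Longest-prefix match, then resolve an IP next hop recursively
    until a route that names an interface is reached."""
    if depth > 8:
        return None
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        return None
    via = best[1]
    try:
        ipaddress.ip_address(via)
    except ValueError:
        return via                      # 'via' is an interface name
    return egress_interface(routes, via, depth + 1)

def is_recursive(routes, tunnel="Tunnel0", endpoint=TUNNEL_DESTINATION):
    """True when the GRE packets for the endpoint would be routed into the tunnel itself."""
    return egress_interface(routes, endpoint) == tunnel

if __name__ == "__main__":
    for name, table in [("posted", POSTED),
                        ("default via tunnel", DEFAULT_VIA_TUNNEL),
                        ("default via tunnel + host route", WITH_HOST_ROUTE)]:
        print(f"{name}: endpoint via {egress_interface(table, TUNNEL_DESTINATION)}, "
              f"Internet via {egress_interface(table, PROBE)}, "
              f"recursive={is_recursive(table)}")
```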
