Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1362
Views
0
Helpful
13
Replies

Help with GRE tunneling on loopback interfaces

karczmarzmateusz
Level 1
Level 1

‎02-13-2024 12:45 PM - last edited on ‎02-13-2024 01:14 PM by Cisco Employee

Hello, I'm creating a network project, I've configured all the routers and end devices, but the traffic isn't going through the tunnel. There's no communication happening at all.

Below I provide the configuration of routers participating in tunneling

karczmarzmateusz_0-1707857013699.png

 

karczmarzmateusz_1-1707857093898.png

karczmarzmateusz_2-1707857115954.png

 

 

 

Labels:
0 Helpful
13 Replies 13

MHM Cisco World
VIP
VIP

‎02-13-2024 12:48 PM

You need to add 

Static route <remote-lan> tunnel-head-ip

This need in both router you config gre tunnel on it.

MHM

0 Helpful

karczmarzmateusz
Level 1
Level 1

‎02-13-2024 12:58 PM

I will also add a photo of the network

karczmarzmateusz_1-1707857909035.png

 

0 Helpful

karczmarzmateusz
Level 1
Level 1

‎02-13-2024 01:00 PM

karczmarzmateusz_0-1707858014577.png

Ip route command 

0 Helpful

MHM Cisco World
VIP
VIP
In response to karczmarzmateusz

‎02-13-2024 01:19 PM

the tunnel source and tunnel destination and tunnel IP  must include in ACL of IPsec tunnel. 
this make the traffic of GRE pass other IPsec 
MHM

0 Helpful

karczmarzmateusz
Level 1
Level 1
In response to MHM Cisco World

‎02-13-2024 01:26 PM

I understand, but I would like all network traffic to be routed only through the GRE tunnel, between routers A1 and B1. In this case, would I also need an ACL and IPsec tunneling?

0 Helpful

MHM Cisco World
VIP
VIP
In response to karczmarzmateusz

‎02-13-2024 01:45 PM

No you share the topology and I see IPsec between middle routers 
this IPsec use to connect two routers in path between GRE tunnel routers, 
you can try remove the crypto map and check 
also are the GRE tunnel is UP/UP (show ip interface status)
MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎02-20-2024 11:34 AM

Still this issue not solved 

I will share lab after football match' it easy for me take 15 min max' 

I will share lab with config of each routers

Dont worry 

MHM

0 Helpful

David Ruess
VIP
VIP

‎02-13-2024 01:08 PM

Do you have underlay routing? As in can your local loopback interface ping your remote loopback interface. Can you please provide the output of the successful ping?

If it doesn't work you will need to establish this for it to work.

-David

0 Helpful

karczmarzmateusz
Level 1
Level 1

‎02-13-2024 01:29 PM

I can't ping looback int

karczmarzmateusz_0-1707859758381.png

 

0 Helpful

David Ruess
VIP
VIP
In response to karczmarzmateusz

‎02-13-2024 02:02 PM

You will need to establish connectivity between the loopbacks to continue with your GRE configuration.

0 Helpful

karczmarzmateusz
Level 1
Level 1

‎02-20-2024 02:55 AM

Okay I can ping from computers to loopback interfaces. But only to those connected to the same router.

0 Helpful

David Ruess
VIP
VIP
In response to karczmarzmateusz

‎02-20-2024 10:35 AM

You need to employ either a routing protocol or static routes from your source router to destination router and vice versa. Underlay connectivity is a requirement for tunnel otherwise your devices don't know how to route them.

0 Helpful

MHM Cisco World
VIP
VIP

‎02-20-2024 02:44 PM


R5#show running-config
Building configuration...

Current configuration : 2219 bytes
!
! Last configuration change at 01:41:12 UTC Wed Feb 21 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key mhm address 0.0.0.0
!
!
crypto ipsec transform-set mhm esp-des
mode tunnel
!
!
!
crypto map mhm 10 ipsec-isakmp
set peer 110.0.0.3
set transform-set mhm
match address 100
!
!
!
!
!
interface FastEthernet0/0
ip address 210.0.0.5 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.5 255.255.255.0
speed auto
duplex auto
crypto map mhm
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 100.0.0.0 0.0.0.255 area 0
network 110.0.0.0 0.0.0.255 area 0
network 200.0.0.0 0.0.0.255 area 0
network 210.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip host 6.6.6.6 host 2.2.2.2
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!

R3#show run
R3#show running-config
Building configuration...

Current configuration : 2147 bytes
!
! Last configuration change at 01:33:15 UTC Wed Feb 21 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key mhm address 0.0.0.0
!
!
crypto ipsec transform-set mhm esp-des
mode tunnel
!
!
!
crypto map mhm 10 ipsec-isakmp
set peer 200.0.0.5
set transform-set mhm
match address 100
!
!
!
!
!
interface FastEthernet0/0
ip address 110.0.0.3 255.255.255.0
duplex full
crypto map mhm
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 100.0.0.3 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 100.0.0.0 0.0.0.255 area 0
network 110.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip host 2.2.2.2 host 6.6.6.6
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end


R4#show running-config '
^
% Invalid input detected at '^' marker.

R4#show running-config
Building configuration...

Current configuration : 1819 bytes
!
! Last configuration change at 01:38:24 UTC Wed Feb 21 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 110.0.0.4 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 110.0.0.0 0.0.0.255 area 0
network 200.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!

R2#show run
R2#show running-config
Building configuration...

Current configuration : 2019 bytes
!
! Last configuration change at 01:34:54 UTC Wed Feb 21 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.2 255.255.255.0
tunnel source Loopback0
tunnel destination 6.6.6.6
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 100.0.0.2 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 2.2.2.2 0.0.0.0 area 0
network 100.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 20.0.0.0 255.255.255.0 Tunnel0
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R6#show run
R6#show running-config
Building configuration...

Current configuration : 2019 bytes
!
! Last configuration change at 01:36:56 UTC Wed Feb 21 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.6 255.255.255.0
tunnel source Loopback0
tunnel destination 2.2.2.2
!
interface FastEthernet0/0
ip address 210.0.0.6 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 20.0.0.6 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 6.6.6.6 0.0.0.0 area 0
network 210.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 10.0.0.0 255.255.255.0 Tunnel0
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Screenshot (122).png

lab with all commands you need 

0 Helpful
Customers Also Viewed These Support Documents