Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1141
Views
0
Helpful
2
Replies

IPSEC over GRE tunnel Flapping

Rachna Sharma
Level 1
Level 1

ā€Ž03-11-2018 04:22 PM - edited ā€Ž03-05-2019 10:04 AM

Hi

I have IPSEC over GRE site to site tunnels (total 12 tunnels running) in the network and RIP spans the whole network.

Two of the tunnels keeps alerting for flaps. I have checked with my ISP already and got information thre are no issues.These tunnels use the same WAN interface as the other 10 tunnels. The physical interface doesn't go down. I have tried changing IP mtu, keepalives but found nothing. This is very intermittent. Can anyone help.

 

config of tunnel on HO


interface Tunnel12
 description GRE Tunnel to ****
 ip address x.x.x.x y.y.y.y
 ip mtu 1436
 ip nat outside
 ip ospf cost 20000
 tunnel source GigabitEthernet0/0/1
 tunnel destination a.a.a.a
 crypto map xyz
end

 


Mar  9 19:42:21.412 AEDT: Tunnel11: Tunnel linestate change - current up,evaluated down - no output interface
Mar  9 19:42:21.413 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel11, changed state to down
Mar  9 19:42:31.429 AEDT: Tunnel11: Tunnel linestate change - current down,evaluated up
Mar  9 19:42:31.429 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel11, changed state to up
Mar 10 02:10:19.278 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to down
Mar 10 02:10:29.280 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to up
Mar 10 12:30:31.723 AEDT: Tunnel11: Tunnel linestate change - current up,evaluated down - no output interface
Mar 10 12:30:31.723 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel11, changed state to down
Mar 10 12:30:41.725 AEDT: Tunnel11: Tunnel linestate change - current down,evaluated up
Mar 10 12:30:41.725 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel11, changed state to up
Mar 10 18:58:39.502 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to down
Mar 10 18:58:49.505 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to up
Mar 11 11:46:39.815 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to down
Mar 11 11:46:49.817 AEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to up

Labels:
0 Helpful
2 Replies 2

Deepak Kumar
VIP Alumni
VIP Alumni

ā€Ž03-11-2018 11:35 PM

Hi,

Can you verify your IOS version? It could be an IOS bug. Same time can you verify the routing, remove the crypto map for a short period of testing?

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Rachna Sharma
Level 1
Level 1
In response to Deepak Kumar

ā€Ž03-12-2018 03:28 PM

Hi Deepak

 

I guess I tried removing the crypto last year. This issue is ongoing since last one year. Before, it was 2811 router and now is 4300. So even after the hardware replacement, the issue still stands. Configured Ip sla to track the physical connectivity and as per logs the physical path goes down but ISP says nothing is wrong on their end..

 

Thanks

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card