ISSUE with GRE TUNNEL

ramdane.airdahmane · ‎07-25-2012

Hello All ;

i have 2 site connected with GRE TUNNEL

so all ping test are OK but i cannot access to mail server from other site.

PING TEST:

ping 10.177.80.32 source gigabitEthernet 0/1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.177.80.32, timeout is 2 seconds:

Packet sent with a source address of 10.177.86.3

!!!!!

but I CANNOT acces to mail server; or open shared folder ; ftp;

Principal Site :

interface Tunnel0

ip address 1.1.1.1 255.255.255.252

tunnel source Serial0/0/0

tunnel destination 10.10.31.178

!

interface GigabitEthernet0/1

ip address 10.177.80.3 255.255.252.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.10.12.190 255.255.255.252

second site :

interface Tunnel0

ip address 1.1.1.2 255.255.255.252

tunnel source GigabitEthernet0/0

tunnel destination 10.10.12.190

!

interface GigabitEthernet0/0

description interface WAN_ICOSNET

ip address 10.10.31.178 255.255.255.252

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 10.177.86.3 255.255.255.0

duplex auto

speed auto

ip route 10.177.80.0 255.255.252.0 Tunnel0

so test :

Anton Pestov · ‎07-25-2012

Use 'ip route 10.177.80.0 255.255.252.0 1.1.1.1'

, instead

'ip route 10.177.80.0 255.255.252.0 Tun0' - this route is suitable for P2p more

Give the parameters ACL, PBR if those are used on interfaces

cadet alain · ‎07-25-2012

Hi,

is there a firewall in between or have these 2 routers ZBF or CBAC configured or any ACL that could interfere ?

Regards.

Alain.

Don't forget to rate helpful posts.

Richard Burts · ‎07-25-2012

I have looked at the partial configuration posted and do not see any particular problems with it.

Anton's advice about changing the static route would be very appropriate if the interface used in the static route were Ethernet. But the static route in the original post is quite fine to use the outbound interface, since the outbound interface is a point to point tunnel.

The ping test results seem to demonstrate that the tunnel is up and is passing traffic (at least traffic for a specific destination from a source that is directly connected on the second site router.

The original post says that there are problems with access to the mail server. But it does not tell us what is the address of the mail server or what was the source address that was trying the access.

The original post does show a static route configured on the second site router. But it does not tell us anything about what routes are configured on the primary site.

I am guessing that the problem is a routing issue. But we do not have enough information to identify the problem. If we had information about what routes exist on the primary site and had information about the source and destination addresses were having problems then perhaps we could suggest answers for this problem.

HTH

Rick

HTH

Rick