cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
315
Views
0
Helpful
1
Replies

Some part of IP addresses are not seen through GRE tunnel

a_prutkoy
Level 1
Level 1

Hello,

The GRE tunnel.

Cisco 2821 [GE0/0] --- Public Internet --- [FE0/0] Cisco 2801

Cisco 2821:

interface Tunnel0

description GRE tunnel to back office

ip address 172.16.0.2 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

tunnel source GigabitEthernet0/0

tunnel destination 94.xxx.xxx.254

!

interface GigabitEthernet0/0

description $Connect-to-upstream-C2901$

ip address 91.xxx.xxx.254 255.255.255.252

ip access-group 101 in

no ip unreachables

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 192.168.102.250 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

...

!

ip route 0.0.0.0 0.0.0.0 91.xxx.xxx.253

ip route 192.168.101.0 255.255.255.0 172.16.0.1

!

Cisco 2801:

!

interface Tunnel0

description GRE tunnel to main office

ip address 172.16.0.1 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

tunnel source FastEthernet0/0

tunnel destination 91.xxx.xxx.254

!

interface FastEthernet0/0

ip address 94.xxx.xxx.254 255.255.255.252

ip access-group 101 in

no ip unreachables

ip virtual-reassembly

duplex auto

speed auto

crypto map dynmap

!

interface FastEthernet0/1

ip address 192.168.101.250 255.255.255.0

duplex auto

speed auto

!

...

!

ip route 0.0.0.0 0.0.0.0 94.xxx.xxx.253

ip route 192.168.102.0 255.255.255.0 172.16.0.2

!

show arp from 2801:

2801-voip-gw#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  94.xxx.xxx.253         235   001c.f630.5435  ARPA   FastEthernet0/0

Internet  94.xxx.xxx.254           -   0014.1c62.0384  ARPA   FastEthernet0/0

Internet  192.168.101.10          3   1c17.d341.135f  ARPA   FastEthernet0/1

Internet  192.168.101.13         32   0021.5555.3b32  ARPA   FastEthernet0/1

Internet  192.168.101.15         17   dc7b.94f8.022a  ARPA   FastEthernet0/1

Internet  192.168.101.16          6   dc7b.94f8.e6af  ARPA   FastEthernet0/1

Internet  192.168.101.18          8   001f.9e24.a19c  ARPA   FastEthernet0/1

Internet  192.168.101.19         21   001e.7ac5.7a82  ARPA   FastEthernet0/1

Internet  192.168.101.20          0   001e.7ac5.7a24  ARPA   FastEthernet0/1

Internet  192.168.101.21          6   001e.7a26.1fc7  ARPA   FastEthernet0/1

Internet  192.168.101.25         36   0021.5554.7ca9  ARPA   FastEthernet0/1

Internet  192.168.101.26         23   001f.9eac.dbe7  ARPA   FastEthernet0/1

...

Internet  192.168.101.251         1   0015.605f.a46e  ARPA   FastEthernet0/1

Internet  192.168.101.252         0   0013.21b5.c158  ARPA   FastEthernet0/1

ping from 2821:

2821-voip-gw#ping 172.16.0.1                                

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

2821-voip-gw#ping 192.168.101.250

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.250, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

2821-voip-gw#ping 192.168.101.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

2821-voip-gw#ping 192.168.101.251

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.251, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

ping from 2801:

2801-voip-gw#ping 192.168.101.251

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.251, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

As you can see, I can ping some IP addresses on site 2801 but some can't. The same situation if I ping network on site 2821.

show arp from 2821:

2821-voip-gw#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  91.xxx.xxx.253        146   e8b7.48c3.a641  ARPA   GigabitEthernet0/0

Internet  91.xxx.xxx.254          -   dc7b.94d8.b960  ARPA   GigabitEthernet0/0

Internet  192.168.102.10         24   c40a.cbe1.e6e3  ARPA   GigabitEthernet0/1

Internet  192.168.102.11          0   001b.38ad.9250  ARPA   GigabitEthernet0/1

Internet  192.168.102.12          0   70ca.9b5c.5ec1  ARPA   GigabitEthernet0/1

Internet  192.168.102.13          0   ccef.48a2.7a7a  ARPA   GigabitEthernet0/1

Internet  192.168.102.250         -   dc7b.94d8.b961  ARPA   GigabitEthernet0/1

ping from 2801:

2801-voip-gw-akvalis#ping 192.168.102.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

2801-voip-gw-akvalis#ping 192.168.102.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.11, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

ping from 2821:

2821-voip-gw-akvalis#ping 192.168.102.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.102.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Can somebody help to understand why some IPs are seen and some not through GRE tunnel?

1 Reply 1

a_prutkoy
Level 1
Level 1

I have found the issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: