some TCP Ports not allowed via Tunnel between two Cisco 800 routers

mrmarie
Level 1

Hello,

 

We have two Cisco 800 routers connected via 4G between two sites. The issue is that we cannot access some TCP ports (such as HTTPS and SIP) from site1 to site2. Is there any configuration I should check to allow these ports?

 

Appreciate your support

 

Thanks

9 Replies

Hello,

 

Post the configs of both routers. Do you have any static NAT configured for any of these ports you cannot access?

Hello Georg,

 

Thank you for your reply

Here is the configuration file for each router 

Hello,

 

You have a simple GRE tunnel configured. Try and change the MTU size on the tunnel interfaces on both routers:

 

Router_Site_1

 

interface Tunnel1

--> ip mtu 1400

 

Router_Site_2

 

interface Tunnel1

--> ip mtu 1400

Hello,

 

Thank you for your reply

 

Does the MTU make some TCP ports not allowed? I can reach the site with (ping, traceroute, Remote Desktop) but cannot reach it by (HTTP, SIP).

 

Thanks

Hello,

 

A tunnel MTU is lower by default than the 1500 used on Ethernet. That could lead to websites not being reachable. I don't know about SIP... in what context are SIP packets not going through?

 

Either way, try the MTU change and check the results...

Hello,

 

Here is the interface tunnel 1 configuration:

 

Tunnel1 is up, line protocol is up
Internet address is 172.20.218.202/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1476 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled

 

Hello
Possibly a filtering issue (access-list, fw, etc.). As suggested, it would be beneficial if you could elaborate on your configuration between those two sites.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Policy from SP, I think.

With ip tcp adjust-mss configured on both vlan 1 interfaces I would think that MTU has been addressed. It might be interesting to lower the value used for adjust-mss and see if it makes any difference.

 

The configuration of these routers is pretty simple and straightforward. There are a few things that seem a bit odd, such as an IP SLA configured but I do not see where it is used. But I do not see anything in these configs that would prevent certain ports (HTTP and SIP) from working. Both routers have a number of subnets connected through vlan 1. I wonder if the issue might be on whatever is the next hop from the routers that we see?

 

Would the http and/or sip need any resource that is not at site 1 or at site 2? I note that site 1 has a default static route that says for any unknown destination go through the tunnel to reach the unknown destination. Similarly site 2 has a static default route that says to reach any unknown destination go through the tunnel. So resources at site 1 and site 2 should be reachable. But any resource not at these 2 sites would be unreachable.

HTH

Rick
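
Added example, not part of any post in this thread: a Python sketch for testing the MTU theory discussed above, by bisecting the largest don't-fragment packet that crosses the tunnel and deriving candidate values for ip mtu and ip tcp adjust-mss from it. It assumes a Linux host with iputils ping (where -M do sets DF); the function names and the 576 to 1500 search range are choices made for this example.

```python
import subprocess
import sys

IP_HDR, TCP_HDR, ICMP_HDR = 20, 20, 8  # header sizes in bytes, no options


def ping_df(host, ip_len):
    """Send one ICMP echo whose total IP length is ip_len, with DF set.

    Default pings are small, so they can succeed while full-size TCP
    segments are dropped; this probe sends a chosen size instead.
    Assumes Linux iputils ping: -M do = set DF, -s = ICMP payload size.
    """
    payload = ip_len - IP_HDR - ICMP_HDR
    result = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Return the largest size in [low, high] for which probe(size) is True.

    Returns None when even the smallest probe fails, which points away
    from MTU and toward filtering or routing.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop terminates
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def suggest(path_mtu):
    """Candidate tunnel 'ip mtu' and LAN-side 'ip tcp adjust-mss' values."""
    return {"ip_mtu": path_mtu, "adjust_mss": path_mtu - IP_HDR - TCP_HDR}


if __name__ == "__main__":
    target = sys.argv[1]  # a host at the far site, reached through the tunnel
    mtu = find_path_mtu(lambda size: ping_df(target, size))
    print(suggest(mtu) if mtu else "no reply at 576 bytes: not an MTU problem")
```

Run it from a host behind one router against a host behind the other. A result below the 1476 bytes shown in the interface output above would support lowering the tunnel MTU and adjust-mss.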