Re: Tunnel is not established

msasikumar · ‎09-22-2011

Hi All,

I am very new for tunnels. And, i am seeing one of the router tunnel 2 is not established.Pls inform what are the things need to be checked if it's not established.

i have mentioned details below.

interface Tunnel2
description Internet Tunnel
ip address 10.X.X.33 255.255.254.0
no ip redirects
ip mtu 1416
ip flow egress
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp map 10.214.243.254 146.197.246.22
ip nhrp map multicast 146.197.246.22
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 10.214.243.254
ip nhrp cache non-authoritative
zone-member security STORE_NWSC
delay 1000
cdp enable
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile VT2 shared
!

router eigrp 1
passive-interface Vlan20
network 10.146.22.0 0.0.0.255
network 10.212.32.64 0.0.0.63
network 10.212.32.128 0.0.0.63
network 10.214.240.0 0.0.1.255
network 10.214.242.0 0.0.1.255
no auto-summary
eigrp stub connected summary
!
ip route 10.146.2.48 255.255.255.255 Vlan20
ip route 146.197.238.26 255.255.255.255 Vlan20
ip route 146.197.246.22 255.255.255.255 FastEthernet0/1 dhcp

IP-EIGRP neighbors for process 1

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 10.214.241.254 Tu1 12 01:06:18 4260 5000 0 1541045

FastEthernet0/1 is up, line protocol is up

Hardware is Gt96k FE, address is 0021.d8fe.08f7 (bia 0021.d8fe.08f7)

Description: This interface to be configured for DHCP from DSL Carrier

Internet address is 68.188.126.76/25

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 01:22:01, output 00:00:04, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

217751 packets output, 22567940 bytes, 0 underruns

0 output errors, 0 collisions, 4 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

IP-EIGRP neighbors for process 1

Ivan Krimmel · ‎09-24-2011

Hi,

I can't see 'tunnel destination' being configured.

Regards,

Ivan.

Peter Paluch · ‎09-24-2011

Hi Ivan,

The missing tunnel destination command is logical - this is a multipoint GRE tunnel with endpoints being discovered/mapped using NHRP. Configuring the destination statically would not be even accepted by the IOS.

I would be very interested in knowing if it is possible to ping at least the IP addresses 146.197.246.22 and 10.214.243.254. Also, the output of show ip nhrp tun2 detail command would be illustrative.

Best regards,

Peter

Ivan Krimmel · ‎09-24-2011

oh ya, missed those *nhrp* lines, sorry.

Ivan,

Joseph W. Doherty · ‎09-25-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Besides checking whether you can ping between public IPs, you might also double check ALL crypo and tunnel parameters agree between the hub and the spoke.

Marc Laracuente · ‎09-25-2011

Joseph,

What's with the disclaimer? This is just a forum where people offer help and answers to questions. Your not prescribing medicine. Is there really a need for that and the space it takes up?

Sent from Cisco Technical Support iPad App

Joseph W. Doherty · ‎09-25-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Well, if Cisco requires us to indemnify them and release them from all liabilities as part of their User Agreement, rather be safe than sorry.