09-17-2020 05:08 AM - edited 09-24-2020 06:59 AM
Discussion removed. Solution not pertinent to issue.
Thanks for time and assistance.
Don't know how to delete thread
09-17-2020 07:09 AM - edited 09-17-2020 09:05 AM
09-17-2020 10:09 AM
Hello,
the easiest way to resolve the recursive routing would be to use static routes to the tunnel destinations, which would override the OSPF learned routes:
LTE_ROUTER
ip route 10.2.22.1 255.255.255.255 GigabitEthernet2.10
Cisco4500X
ip route 10.2.9.34 255.255.255.255 outgoing_interface
09-17-2020 10:22 AM
Mr Pauwen,
Thank you very much for your reply. I put the routes in as stated but unfortunately the recursive routing still occurs. Is there any output that would be helpful to you?
09-17-2020 11:36 AM
Hello,
with both static routes configured, what is the output of 'show ip route' on both devices with regard to the tunnel destination?
The routes to the respective tunnel destinations should NOT go through the tunnel itself... is that the case?
09-17-2020 11:52 AM
Sir,
Here is output with tunnel down.
And here is output when the tunnel comes up for a brief moment.
Of note, g2.10 is not my outgoing interface. Cell0 is technically the way out with a dynamic IP from AT&T that terminates to our ASA via the EZVPN on the LTE router from the output.
09-17-2020 12:01 PM
Hello,
I do not see the static host routes. How do the static host routes I suggested earlier show up in the running configurations?
You can test by sending a traceroute to the respective tunnel destinations, from each router. What is the first hop?
09-17-2020 12:07 PM
09-17-2020 04:44 PM
Sir,
Here is output from the LTE Router. I did it with and without the route.
And here is output from the 4500X router.
And here is output from the ASA the VPN terminates at from the LTE router, showing OSPF routes from the 4500X.
09-18-2020 12:02 AM
Hello,
is your ASA allowing GRE traffic through? The access list applied to the ASA outside interface should look something like below:
access-list OUT-IN-ACL extended permit gre any any
access-group OUT-IN-ACL in interface outside
09-18-2020 08:02 AM
So in this case, for this test, I have an ACL for LTE-Routers. There are many ACLs in there but at the top I have an ANY/ANY for testing. Currently GRE isn't being blocked as the tunnel does form.
09-18-2020 01:03 AM
Hello
You need to negate the advertisement of the tunnel source/destinations through the tunnel itself. Static routes in your case won't work as you're redistributing those statics through the tunnel via OSPF. If you wish to use static routing for the transit path for the tunnel, then don't advertise them through the tunnel.
09-18-2020 08:35 AM
So remove the static routes and the advertisement of the tunnel destinations at each end. Do I associate the tunnel with OSPF at all, like with "ip ospf 10 area 0" on the tunnel itself, or disregard that as well?
Also, is there a problem with the tunnel dest being int vlan 10 on the 4500? I would need to advertise that so the ASA knows of it, correct? Or is it not an issue here?
Then also remove the static routes so that they are not redistributed through OSPF.
Here is an updated config for each after these updates.
LTE_ROUTER
4500X
Hope this is helping, let me know if you need anything else.
09-20-2020 06:25 AM
Should I change my tunnel destinations to unadvertised interfaces?
Or could I do a router map filter to not advertise the tunnel interface back to itself?
09-20-2020 12:12 PM
Hello,
redistribute the static routes but exclude the ones that point to the respective tunnel destinations, using route maps.
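A sketch of the route-map filtering suggested in the last reply, as an added example that is not configuration posted by anyone in the thread. The prefix-list and route-map names are hypothetical, OSPF process 10 is assumed from the "ip ospf 10 area 0" mentioned above, and the host addresses are the tunnel destinations from the earlier static routes:

```cisco
! --- LTE_ROUTER (added example, not from the thread) ---
! Match only the host route to this router's tunnel destination.
ip prefix-list TUNNEL-ENDPOINTS seq 5 permit 10.2.22.1/32
!
! Deny the tunnel destination, permit every other static route.
route-map STATIC-TO-OSPF deny 10
 match ip address prefix-list TUNNEL-ENDPOINTS
route-map STATIC-TO-OSPF permit 20
!
router ospf 10
 redistribute static subnets route-map STATIC-TO-OSPF
!
! --- Cisco4500X (added example, not from the thread) ---
ip prefix-list TUNNEL-ENDPOINTS seq 5 permit 10.2.9.34/32
!
route-map STATIC-TO-OSPF deny 10
 match ip address prefix-list TUNNEL-ENDPOINTS
route-map STATIC-TO-OSPF permit 20
!
router ospf 10
 redistribute static subnets route-map STATIC-TO-OSPF
```

After applying it, 'show ip route' for each tunnel destination should show the static host route on the local router, and the neighbor across the tunnel should no longer learn that /32 through OSPF.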