
Tunnel Recursive Routing over EZVPN (Removed)

K-Grev

Discussion removed. Solution not pertinent to issue.

 

Thanks for time and assistance.

 

Don't know how to delete thread

17 Replies

K-Grev

Repeat post (forum page wouldn't load my reply)

Hello,

 

the easiest way to resolve the recursive routing would be to use static routes to the tunnel destinations, which would override the OSPF learned routes:

 

LTE_ROUTER

ip route 10.2.22.1 255.255.255.255 GigabitEthernet2.10

 

Cisco4500X

ip route 10.2.9.34 255.255.255.255 outgoing_interface

Mr Pauwen,

 

Thank you very much for your reply. I put the routes in as stated but unfortunately the recursive routing still occurs. Is there any output that would be helpful to you?

Hello,

 

with both static routes configured, what is the output of 'show ip route' on both devices with regard to the tunnel destination ?

 

The routes to the respective tunnel destinations should NOT go through the tunnel itself...is that the case ?

Sir ,

 

Here is output with tunnel down.

20200917_13423711.jpg

 

And here is output when the tunnel comes up for a brief moment.

 

20200917_134843(1).jpg

 

Of note, g2.10 is not my outgoing interface. Cell0 is technically the way out with a dynamic IP from AT&T that terminates to our ASA via the EZVPN on the LTE router from the output.

Hello,

 

I do not see the static host routes. How do the static host routes I suggested earlier show up in the running configurations ?

 

You can test by sending a traceroute to the respective tunnel destinations, from each router. What is the first hop ?

Sir,

Thank you for your help. Have to step away for a bit. But I will get this
information for you later.
I did put the routes in exactly as you stated though.
Again, I will get this information to you as soon as possible.

Thanks for your help.

Sir,

 

Here is output from the LTE Router. I did it with and without the route.

20200917_181758.jpg

 

And here is output from the 4500X router.

20200917_183839.jpg

 

And here is output from the ASA the VPN terminates at from the LTE router, showing OSPF routes from the 4500X.

20200917_184233.jpg

Hello,

 

is your ASA allowing GRE traffic through ? The access list applied to the ASA outside interface should look something like below:

 

access-list OUT-IN-ACL extended permit gre any any
access-group OUT-IN-ACL in interface outside

So in this case for this test, I have an ACL for LTE-Routers. There are many ACLs in there but at the top I have an ANY/ANY for testing. Currently GRE isn't being blocked as the tunnel does form.

Hello

You need to negate the advertisement of the tunnel source/destinations through the tunnel itself. Static routes in your case won’t work as you're redistributing those statics through the tunnel via OSPF. If you wish to use static routing for the transit path for the tunnel, then don’t advertise them through the tunnel.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

So remove the static routes and the advertisement of the Tunnel destinations at each end. Do I associate the tunnel with ospf at all like with "ip ospf 10 area 0" on the tunnel itself or disregard that as well?

 

Also, is there a problem with the tunnel dest being int vlan 10 on the 4500? I would need to advertise that so the ASA knows of it, correct? Or is it not an issue here?

 

Then also remove the static routes so that they are not redistributed through the ospf.

 

Here is an updated config for each after these updates.

 

LTE_ROUTER

20200918_101652.jpg

 

4500X

20200918_103106.jpg

20200918_103138.jpg

 

Hope this is helping, let me know if you need anything else.

K-Grev

Should I change my tunnel destinations to unadvertised interfaces?

Or could I do a router map filter to not advertise the tunnel interface back to itself?

Hello,

 

redistribute the static routes but exclude the ones that point to the respective tunnel destinations, using route maps.
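
The route-map filter suggested in the reply above, sketched as an added example (not configuration posted by anyone in this thread). It assumes the static routes are redistributed under `router ospf 10` (the process number mentioned earlier in the thread) and uses the two tunnel destination addresses from the static routes above; the names `TUNNEL-DEST` and `STATIC-TO-OSPF` are hypothetical.

```cisco
! ---- LTE_ROUTER: tunnel destination is 10.2.22.1 ----
! Match only the /32 host route that carries the GRE transport traffic
ip prefix-list TUNNEL-DEST seq 5 permit 10.2.22.1/32
!
! Sequence 10 drops the tunnel destination from redistribution,
! sequence 20 lets every other static route through unchanged
route-map STATIC-TO-OSPF deny 10
 match ip address prefix-list TUNNEL-DEST
route-map STATIC-TO-OSPF permit 20
!
router ospf 10
 redistribute static subnets route-map STATIC-TO-OSPF
!
! ---- Cisco4500X: tunnel destination is 10.2.9.34 ----
ip prefix-list TUNNEL-DEST seq 5 permit 10.2.9.34/32
!
route-map STATIC-TO-OSPF deny 10
 match ip address prefix-list TUNNEL-DEST
route-map STATIC-TO-OSPF permit 20
!
router ospf 10
 redistribute static subnets route-map STATIC-TO-OSPF
!
! ---- Checks on each router after the tunnel comes up ----
! The tunnel destination must resolve via the static route and a
! physical/VPN-facing interface, never via the Tunnel interface:
!   show ip route 10.2.22.1        (on LTE_ROUTER)
!   show ip route 10.2.9.34        (on Cisco4500X)
! The deny sequence should show matches for the filtered host route:
!   show route-map STATIC-TO-OSPF
```

Without the final `permit 20` sequence, the route map's implicit deny would stop all static routes from being redistributed, not only the tunnel destination.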
