After I configured VPN into my topology the connection dropped

ithanvasserman

My topology contains 3 branches (clusters), each cluster representing a full working network, 2 ISP routers (1 ISP for branch 1 and 2) and a BGP ring (the ISP routers are connected to different routers in the BGP ring). The branches could communicate between them with GRE, but after I configured VPN on my CORE routers in branch 1 and 2 I couldn't send pings between them and the GRE tunnels anymore. Help me please, I've been on it for more than 2 weeks and I don't know what to do (I have rechecked my configurations so many times and I still can't see the issue).

RT1 CFG:
Current configuration : 3963 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname RT1-CORE-SH

!

!

!

!

ip dhcp excluded-address 10.1.21.128 10.1.21.254

ip dhcp excluded-address 10.1.23.128 10.1.23.254

ip dhcp excluded-address 10.1.25.128 10.1.25.254

ip dhcp excluded-address 10.1.31.128 10.1.31.254

ip dhcp excluded-address 10.1.33.128 10.1.33.254

ip dhcp excluded-address 10.1.35.128 10.1.35.254

!

ip dhcp pool Vlan21(DEV)

network 10.1.21.0 255.255.255.0

default-router 10.1.21.254

dns-server 10.1.101.5

ip dhcp pool Vlan23(IT)

network 10.1.23.0 255.255.255.0

default-router 10.1.23.254

dns-server 10.1.101.5

ip dhcp pool Vlan25(MNG)

network 10.1.25.0 255.255.255.0

default-router 10.1.25.254

dns-server 10.1.101.5

ip dhcp pool Vlan31(CS)

network 10.1.31.0 255.255.255.0

default-router 10.1.31.254

dns-server 10.1.111.5

ip dhcp pool Vlan33(RA)

network 10.1.33.0 255.255.255.0

default-router 10.1.33.254

dns-server 10.1.111.5

ip dhcp pool Vlan35(PM)

network 10.1.35.0 255.255.255.0

default-router 10.1.35.254

dns-server 10.1.111.5

ip dhcp pool SH_SERVERS_SW0

!

!

!

ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO1941/K9 sn FTX1524OAF0-

license boot module c1900 technology-package securityk9

!

!

!

!

!

!

!

!

!

ip domain-name doorlocks.com

!

!

spanning-tree mode rapid-pvst

!

!

!

!

!

!

interface Tunnel111

ip address 13.1.10.1 255.255.255.252

mtu 1476

tunnel source GigabitEthernet0/0/0

tunnel destination 90.200.11.31

!

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.21

encapsulation dot1Q 21

ip address 10.1.21.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.21.254

standby 1 priority 110

standby 1 preempt

!

interface GigabitEthernet0/0.23

encapsulation dot1Q 23

ip address 10.1.23.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.23.254

standby 1 priority 110

standby 1 preempt

!

interface GigabitEthernet0/0.25

encapsulation dot1Q 25

ip address 10.1.25.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.25.254

standby 1 priority 110

standby 1 preempt

!

interface GigabitEthernet0/0.31

encapsulation dot1Q 31

ip address 10.1.31.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.31.254

standby 1 priority 90

standby 1 preempt

!

interface GigabitEthernet0/0.33

encapsulation dot1Q 33

ip address 10.1.33.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.33.254

standby 1 priority 90

standby 1 preempt

!

interface GigabitEthernet0/0.35

encapsulation dot1Q 35

ip address 10.1.35.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.35.254

standby 1 priority 90

standby 1 preempt

!

interface GigabitEthernet0/0.101

encapsulation dot1Q 101

ip address 10.1.101.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.101.254

standby 1 priority 110

standby 1 preempt

!

interface GigabitEthernet0/0.111

encapsulation dot1Q 111

ip address 10.1.111.252 255.255.255.0

ip nat inside

standby 1 ip 10.1.111.254

standby 1 priority 90

standby 1 preempt

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/0/0

ip address 2.22.222.2 255.255.255.0

ip nat outside

!

interface GigabitEthernet0/1/0

no ip address

!

interface Vlan1

no ip address

shutdown

!

ip nat inside source list TO-NAT-ACL interface GigabitEthernet0/0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 2.22.222.1

ip route 10.2.0.0 255.255.0.0 13.1.10.2

ip route 10.3.0.0 255.255.0.0 13.1.10.2

ip route 172.16.100.0 255.255.255.0 13.1.10.2

!

ip flow-export version 9

!

!

ip access-list extended TO-NAT-ACL

permit ip any any

deny ip any any

ip access-list extended VPNTraffic

permit gre host 2.22.222.2 host 90.200.11.31

!

banner motd ^CPlease dear USER/ADMIN DO NOT chnage the current configurations on this device!!! It is already configured and well maintained!^C

!

!

!

!

logging 10.1.101.4

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

ntp server 10.1.101.4

!

end

RT2 CFG:
Current configuration : 2056 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname RT1-CORE-CQ

!

!

!

!

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO1941/K9 sn FTX1524NM68-

license boot module c1900 technology-package securityk9

!

!

!

!

!

!

!

!

!

ip domain-name doorlocks.com

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface Tunnel111

ip address 13.1.10.2 255.255.255.252

mtu 1476

tunnel source GigabitEthernet0/1/0

tunnel destination 2.22.222.2

!

!

interface GigabitEthernet0/0

ip address 172.168.1.1 255.255.255.252

ip nat inside

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/0/0

ip address 172.16.100.2 255.255.255.0

ip nat inside

!

interface GigabitEthernet0/1/0

ip address 90.200.11.31 255.255.255.0

ip nat outside

!

interface Vlan1

no ip address

shutdown

!

router eigrp 111

eigrp router-id 1.1.1.1

redistribute ospf 111 metric 10000 100 255 1 1500

redistribute static

network 172.168.1.0 0.0.0.3

network 172.16.100.0 0.0.0.255

network 90.200.11.0 0.0.0.255

!

router ospf 111

router-id 100.100.100.100

log-adjacency-changes

redistribute eigrp 111 subnets

redistribute static subnets

network 172.16.100.0 0.0.0.255 area 0

network 172.168.1.0 0.0.0.3 area 0

network 90.200.11.0 0.0.0.255 area 0

default-information originate

!

ip nat inside source list TO-NAT-ACL interface GigabitEthernet0/1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 90.200.11.32

ip route 0.0.0.0 0.0.0.0 10.10.10.2

ip route 10.1.0.0 255.255.0.0 13.1.10.1

!

ip flow-export version 9

!

!

ip access-list extended TO-NAT-ACL

permit ip any any

deny ip any any

ip access-list extended VPNTraffic

permit gre host 90.200.11.31 host 2.22.222.2

!

banner motd ^CPlease dear USER/ADMIN DO NOT chnage the current configurations on this device!!! It is already configured and well maintained!^C

!

!

!

!

logging 10.2.131.4

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

ntp server 10.2.131.4

!

end
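
A consistency check over the two posted configurations, as an added example that is not part of the original post: it confirms that the GRE tunnel endpoints and the VPNTraffic ACLs mirror each other, and reports GRE ACLs that no `match address` line uses. The function names are hypothetical; it assumes one GRE tunnel per router and that an ACL of `permit gre host` entries is meant to be matched by a crypto map.

```python
# Excerpts of the two configurations posted above: only the lines the checks read.
RT1 = """interface Tunnel111
tunnel source GigabitEthernet0/0/0
tunnel destination 90.200.11.31
interface GigabitEthernet0/0/0
ip address 2.22.222.2 255.255.255.0
ip access-list extended VPNTraffic
permit gre host 2.22.222.2 host 90.200.11.31
"""
RT2 = """interface Tunnel111
tunnel source GigabitEthernet0/1/0
tunnel destination 2.22.222.2
interface GigabitEthernet0/1/0
ip address 90.200.11.31 255.255.255.0
ip access-list extended VPNTraffic
permit gre host 90.200.11.31 host 2.22.222.2
"""

def parse(cfg):  # index interface IPs, tunnel endpoints, ACL rules, 'match address' uses
    out = {"ip": {}, "acl": {}, "matched": set()}
    section = (None, None)
    for w in filter(None, (line.split() for line in cfg.splitlines())):
        if w[0] == "interface":
            section = ("if", w[1])
        elif w[:3] == ["ip", "access-list", "extended"]:
            section = ("acl", w[3])
        elif w[:2] == ["ip", "address"] and section[0] == "if":
            out["ip"][section[1]] = w[2]
        elif w[0] == "tunnel" and w[1:2] in (["source"], ["destination"]):
            out[w[1]] = w[2]  # assumption: a single GRE tunnel per router
        elif w[:2] == ["match", "address"]:
            out["matched"].add(w[2])  # ACL referenced from a crypto map entry
        elif w[0] in ("permit", "deny") and section[0] == "acl":
            out["acl"].setdefault(section[1], []).append(w)
    return out

def check_pair(cfg_a, cfg_b):  # findings for the RT1/RT2 pair, empty list if consistent
    a, b, findings = parse(cfg_a), parse(cfg_b), []
    for me, peer, name in ((a, b, "RT1"), (b, a, "RT2")):
        if me.get("destination") != peer["ip"].get(peer.get("source")):
            findings.append(f"{name}: tunnel destination is not the peer's tunnel source IP")
        for acl, rules in me["acl"].items():
            gre = [r for r in rules if r[:3] == ["permit", "gre", "host"] and len(r) == 6]
            if any(r[:2] + r[4:] + r[2:4] not in peer["acl"].get(acl, []) for r in gre):
                findings.append(f"{name}: ACL {acl} is not mirrored on the peer")
            if gre and acl not in me["matched"]:
                findings.append(f"{name}: ACL {acl} is not used by any 'match address'")
    return findings

print(check_pair(RT1, RT2))
```

The same functions accept the full `show running-config` text of each router in place of the excerpts.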
