Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1070
Views
0
Helpful
1
Replies

Dynamin VPN/GRE can't ping other side of tunnel

Michael Durham
Level 4
Level 4

‎04-23-2013 03:01 PM

I am new at this VPN stuff and tryiong to setup a GRE Dynamic IP VPN between my offfice and home.  Here is what I ahve done thus far:

OFFICE

interface Tunnel0

ip address 172.30.1.1 255.255.255.252

no ip redirects

ip mtu 1400

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip tcp adjust-mss 1360

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 1
!
interface FastEthernet0/0
ip address 40.197.68.9 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

HOME

interface Tunnel0

ip address 172.30.1.2 255.255.255.252

ip mtu 1400

ip nhrp map multicast 40.197.68.9

ip nhrp map 172.30.1.1 40.197.68.9

ip nhrp network-id 1

ip nhrp nhs 172.30.1.1

ip tcp adjust-mss 1360

tunnel source GigabitEthernet0/0

tunnel destination 40.197.68.9

tunnel key 1
!
interface GigabitEthernet0/0
description Router
ip address 192.168.30.1 255.255.255.252
duplex auto
speed auto

When I ping 172.30.1.1 from the HOME router, I get 0/5 success.  Not good!  I have not setup any IPSec yet.

Results for HOME router

show ip nhrp nhs detail
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel0:
172.30.1.1   E priority = 0 cluster = 0  req-sent 53  req-failed 0  repl-recv 0

sh int t0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 172.30.1.2/30
  MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 192.168.30.1 (GigabitEthernet0/0), destination 40.197.68.9
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with GigabitEthernet0/0
          Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key 0x1, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1472 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:40:28, output 00:00:25, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     106 packets output, 12612 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

sh ip route

Gateway of last resort is 192.168.30.2 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 192.168.30.2
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.110.0.0/24 is directly connected, GigabitEthernet0/1.110
L        10.110.0.1/32 is directly connected, GigabitEthernet0/1.110
C        10.115.0.0/24 is directly connected, GigabitEthernet0/1.115
L        10.115.0.1/32 is directly connected, GigabitEthernet0/1.115
      172.16.0.0/30 is subnetted, 1 subnets
S        172.16.2.0 [1/0] via 192.168.30.6
      172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.30.1.0/30 is directly connected, Tunnel0
L        172.30.1.2/32 is directly connected, Tunnel0
S     192.168.2.0/24 is directly connected, GigabitEthernet0/0
S     192.168.10.0/24 is directly connected, GigabitEthernet0/0
      192.168.30.0/24 is variably subnetted, 4 subnets, 2 masks
C        192.168.30.0/30 is directly connected, GigabitEthernet0/0
L        192.168.30.1/32 is directly connected, GigabitEthernet0/0
C        192.168.30.4/30 is directly connected, GigabitEthernet0/1.30
L        192.168.30.5/32 is directly connected, GigabitEthernet0/1.30
S     192.168.50.0/24 [1/0] via 192.168.30.6
      192.168.69.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.69.0/24 is directly connected, GigabitEthernet0/1.69
L        192.168.69.3/32 is directly connected, GigabitEthernet0/1.69
S     192.168.100.0/24 [1/0] via 192.168.30.6
S     192.168.125.0/24 [1/0] via 192.168.30.6
S     192.168.200.0/24 [1/0] via 192.168.30.6

sh dmvpn

Interface: Tunnel0, IPv4 NHRP Details

Type:Spoke, NHRP Peers:1,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

     1    50.197.68.90      172.30.1.1  NHRP 02:30:17     S

------------------------------------------------------------------------------------------------------------------------------------------------------

Results for OFFICE router

show ip nhrp nhs detail

sh dmvpn


sh int t0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 172.30.1.1/30
  MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 40.197.68.9 (FastEthernet0/0)
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with FastEthernet0/0
          Set of tunnels with source FastEthernet0/0, 1 member (includes iterators), on interface <OK>
  Tunnel protocol/transport multi-GRE/IP
    Key 0x1, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1472 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:43:56, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

show ip route

S*    0.0.0.0/0 [1/0] via 40.197.68.94
      40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        40.197.68.8/29 is directly connected, FastEthernet0/0
L        40.197.68.9/32 is directly connected, FastEthernet0/0
      172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.30.1.0/30 is directly connected, Tunnel0
L        172.30.1.1/32 is directly connected, Tunnel0
S     192.168.2.0/24 [1/0] via 192.168.10.5
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, FastEthernet0/1
L        192.168.10.1/32 is directly connected, FastEthernet0/1
S     192.168.69.0/24 is directly connected, FastEthernet0/0


Why can't Io ping from the HOME router to the OFFICE router?

Labels:
0 Helpful
1 Reply 1

Michael Durham
Level 4
Level 4

‎04-23-2013 06:49 PM

I fugured this problem out.  I needed to setup PKI/IKE and once that was done on both routers, my tunned now passes some data.

0 Helpful
Customers Also Viewed These Support Documents