02-11-2018 08:04 AM - edited 03-12-2019 05:00 AM
Hi,
I am running into an issue when using tunnel protection on my gre tunnel. Below is a sample of what things look like
R3[.2]<10.1.1.0/24>[.1]R1>>>Internet<<<R2[.3]<172.16.1.0/24>[.254]R4
the "internet" is router permited to allow only isakmp and esp for tunnel establishment. I am running BGP between R1 and R2 through the tunnel. The tunnel comes up the prefixes are being learned but when i try to ping from [.1] of R1 to [.254] R4 the ping reaches R4 (debug ip icmp) and an echo reply is sent but R2 does not route back through the tunnel. The [.1] address of R1 can ping [.3] of R2 so the subnet is reachable.
If i remove "tunnel mode ipsec ipv4" from the tunnel configs everything works fine.
Solved! Go to Solution.
02-11-2018 12:02 PM
Hi,
Are you running this in GNS3? What IOS version are you using?
I applied your config in my lab changing only the interface and with "tunnel mode ipsec ipv4" and this worked, I could successfully ping 172.16.1.3 source 10.1.1.1.
I was using IOSv 15.4, I previously had issues with VTI's with the older 7200 series IOS images.
02-11-2018 12:02 PM
Hi,
Are you running this in GNS3? What IOS version are you using?
I applied your config in my lab changing only the interface and with "tunnel mode ipsec ipv4" and this worked, I could successfully ping 172.16.1.3 source 10.1.1.1.
I was using IOSv 15.4, I previously had issues with VTI's with the older 7200 series IOS images.
02-11-2018 02:26 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide