Solved: GRE Tunnel packet drops when "tunnel mode ipsec ipv4" is applied

diesel · ‎02-11-2018

Hi,

I am running into an issue when using tunnel protection on my gre tunnel. Below is a sample of what things look like

R3[.2]<10.1.1.0/24>[.1]R1>>>Internet<<<R2[.3]<172.16.1.0/24>[.254]R4

the "internet" is router permited to allow only isakmp and esp for tunnel establishment. I am running BGP between R1 and R2 through the tunnel. The tunnel comes up the prefixes are being learned but when i try to ping from [.1] of R1 to [.254] R4 the ping reaches R4 (debug ip icmp) and an echo reply is sent but R2 does not route back through the tunnel. The [.1] address of R1 can ping [.3] of R2 so the subnet is reachable.

If i remove "tunnel mode ipsec ipv4" from the tunnel configs everything works fine.

Rob Ingram · ‎02-11-2018

Hi,

Are you running this in GNS3? What IOS version are you using?

I applied your config in my lab changing only the interface and with "tunnel mode ipsec ipv4" and this worked, I could successfully ping 172.16.1.3 source 10.1.1.1.

I was using IOSv 15.4, I previously had issues with VTI's with the older 7200 series IOS images.

View solution in original post

Rob Ingram · ‎02-11-2018

Hi,

Are you running this in GNS3? What IOS version are you using?

I applied your config in my lab changing only the interface and with "tunnel mode ipsec ipv4" and this worked, I could successfully ping 172.16.1.3 source 10.1.1.1.

I was using IOSv 15.4, I previously had issues with VTI's with the older 7200 series IOS images.

diesel · ‎02-11-2018

You were spot on. I was running GNS3 and after posting this had noticed this happening with a number of my 7200 IOS versions. Switch to a 3725 image and had this working without issue.