GRE tunnel setup but no traffic can pass
05-22-2017 02:19 AM
Hello There,
Recently I have configured GRE on both Cisco routers at two locations. I have everything set up as below, but traffic cannot pass.
Configuration:
Router A:
interface tunnel0
 ip address 10.10.10.1 255.255.255.0
 tunnel source [public ip address of router A]
 tunnel destination [public ip address of router B]
Router B:
interface tunnel0
 ip address 10.10.10.2 255.255.255.0
 tunnel source [public ip address of router B]
 tunnel destination [public ip address of router A]
I also permit GRE traffic from any to any on the WAN-to-self and self-to-WAN security zones.
Still nothing works. Hope someone can enlighten me about what could be the issue.
Thanks in advance.
05-22-2017 02:30 AM
Hi,
If your tunnel interface is up/up, did you point your routes to exit via the tunnel interface?
Also, try to permit any in your security zones for testing.
05-22-2017 02:32 AM
Hi,
Thanks for the reply.
When you said to point the routes to exit the tunnel interface, did you mean the routes to the remote LAN? If so, then yes.
I checked tons of documents; if the tunnel is up, then both tunnel interfaces should be able to ping each other, but I cannot.
05-22-2017 02:34 AM
I mean 'ip route x.x.x.x x.x.x.x t0'
Also, it is not necessary to ping the tunnel interfaces. Try to ping the LAN behind the tunnels.
05-22-2017 02:38 AM
Hi,
I do have the routes in place, and as you suggested, I did try to ping the LAN behind the tunnels; still no luck.
05-22-2017 03:03 AM
If you trace route using the source interface from the LAN, where is the traffic dropping?
Do you have a route on the other router (GRE peer)?
05-22-2017 03:05 AM
Hi, if I trace route from the source interface, for example a LAN host, then the last hop is the LAN IP address of the router.
Yes, I do have the matching routes on the peer.
05-22-2017 03:10 AM
I think it is worth checking the firewall rules.
Try to perform captures on the routers to see whether return packets are coming or not.
05-22-2017 03:18 AM
I see the packet count increase on router A for the GRE ACL, but there is nothing on router B for the same ACL; it looks like the packets did not reach the other side.
Any ideas?
05-22-2017 03:21 AM
Post the full config from both sides.
03-27-2018 04:51 AM
Hi,
Could you fix the issue? If yes, please post the details. Thanks.