05-22-2017 02:19 AM
Hello There,
Recently I configured GRE on both Cisco routers at two locations. I got everything set up as below, but the traffic cannot pass.
configuration:
Router A:
interface tunnel0
ip address 10.10.10.1 255.255.255.0
tunnel source [public ip address of router A]
tunnel destination [public ip address of router B]
Router B:
interface tunnel0
ip address 10.10.10.2 255.255.255.0
tunnel source [public ip address of router B]
tunnel destination [public ip address of router A]
I also permit GRE traffic from any to any on the WAN to self and self to WAN security zones.
Still nothing works. Hope someone can enlighten me about what the issue could be.
Thanks in advance.
05-22-2017 02:30 AM
Hi,
If your tunnel interface is up/up, did you point your routes to exit via the tunnel interface?
Also, try to permit any in your security zones for testing.
05-22-2017 02:32 AM
Hi,
Thanks for the reply.
When you said to point the routes to exit via the tunnel interface, did you mean the routes to the remote LAN? If so, then yes.
I checked tons of documents; if the tunnel is up, then both tunnel interfaces should be able to ping each other, but I cannot.
05-22-2017 02:34 AM
I mean 'ip route x.x.x.x x.x.x.x t0'
Also, it is not necessary to ping the tunnel interfaces. Try to ping the LAN behind the tunnels.
05-22-2017 02:38 AM
Hi,
I do have the routes in place, and as you suggested, I did try to ping the LAN behind the tunnels; still no luck.
05-22-2017 03:03 AM
If you trace route using a source interface from the LAN, where is the traffic dropping?
Do you have a route on the other router (GRE peer)?
05-22-2017 03:05 AM
Hi, if I trace route from the source interface, for example a LAN host, then the last hop is the LAN IP address of the router.
Yes, I do have the matching routes on the peer.
05-22-2017 03:10 AM
I think it is worth checking the firewall rules.
Try to perform captures on the routers to see whether return packets are coming or not.
05-22-2017 03:18 AM
I see the packet count increase on router A on the ACL for GRE, but there is nothing on router B for the same ACL; it looks like the packets did not reach the other side.
Any ideas?
05-22-2017 03:21 AM
Post the full config from both sides.
03-27-2018 04:51 AM
Hi,
Could you fix the issue? If yes, please post the details. Thanks.