Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3454
Views
0
Helpful
10
Replies

GRE tunnel setup but no traffic can pass

4flowShanghai
Level 1
Level 1

‎05-22-2017 02:19 AM

Hello There,

Recently I have configure the GRE on both the cisco routers on two locations, I got everything setup like below, but the traffic cannot pass.

configuration:

Router A:

interface tunnel0

 ip address 10.10.10.1 255.255.255.0

tunnel source [public ip address of router A]

tunnel destination [public ip address of router B]

Router B:

interface tunnel0

 ip address 10.10.10.2 255.255.255.0

tunnel source [public ip address of router B]

tunnel destination [public ip address of router A]

I also permit the gre traffic of any to any on WAN to self and Self to WAN security zone.

Still nothing works. Hope someone can enlight me about what could be the issue.

Thanks in advance.

Labels:
0 Helpful
10 Replies 10

Mohammed al Baqari
Level 11
Level 11

‎05-22-2017 02:30 AM

Hi,

If your tunnel interface is up/up, then did you point your routes to exit tunnel interface.

Also, try to permit any in your security zones for testing. 

0 Helpful

4flowShanghai
Level 1
Level 1
In response to Mohammed al Baqari

‎05-22-2017 02:32 AM

Hi,

Thanks for the reply.

When you said point the routes exit tunnel interface, did you mean the routes to remote LAN? If you do, then yes.

I checked tons of documents, if the tunnel is up, then both tunnel interfaces should be able to ping each other, but I cannot.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to 4flowShanghai

‎05-22-2017 02:34 AM

I mean 'ip route x.x.x.x x.x.x.x t0'

Also, not necessary to ping tunnel interfaces. Try to ping the LAN behind the tunnels. 

0 Helpful

4flowShanghai
Level 1
Level 1
In response to Mohammed al Baqari

‎05-22-2017 02:38 AM

Hi,

I do have the routes in place, and as you suggested, I do try to ping the LAN behind the tunnels, still no luck.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to 4flowShanghai

‎05-22-2017 03:03 AM

If you trace route using source interface from LAN, where is the traffic dropping. 

Do you have route on the other router (GRE Peer)?

0 Helpful

4flowShanghai
Level 1
Level 1
In response to Mohammed al Baqari

‎05-22-2017 03:05 AM

Hi, If I trace route from the source interface for example an LAN host, then the last hop is the LAN ip address of the router.

Yes, I do have the matching routes on the peer.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to 4flowShanghai

‎05-22-2017 03:10 AM

I think worth checking the firewall rules. 

Try to perform captures on the routers to see whether return packets are coming or not

0 Helpful

4flowShanghai
Level 1
Level 1
In response to Mohammed al Baqari

‎05-22-2017 03:18 AM

I see the packets count increase on router A of ACL for gre, but there is nothing on router B for the same ACL, it looks like the packet did not reach to other side. 

Any ideas?

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to 4flowShanghai

‎05-22-2017 03:21 AM

post full config both sides,

0 Helpful

maradona.mathew
Level 1
Level 1
In response to 4flowShanghai

‎03-27-2018 04:51 AM

Hii,

 

could you fix the issue. If yes, pls post the details. Thanks.

0 Helpful
Customers Also Viewed These Support Documents