IPsec Tunnel Recursive Routing

vikamchintan
Level 1

Hi Team,

Attached is the tunnel topology. I am trying to build an IPsec tunnel from R1 to R7.

The following are the R1 config and the R7 config:

R1
en
ter len 0
conf t
host R1
ip access-list extended Tun_R1_R7
permit gre host 30.0.0.1 host 30.0.0.9
exit
crypto isakmp policy 10
authentication pre-share
hash md5
encryption aes 256
group 24
!
crypto isakmp key Tunnel1_7 address 30.0.0.9
!
crypto ipsec transform-set Tun1_7 esp-aes esp-sha-hmac
mode transport
exit
crypto map R1_R7 10 ipsec-isakmp
match address Tun_R1_R7
set transform Tun1_7
set peer 30.0.0.9
exit
int lo0
ip add 1.1.1.1 255.255.255.255
int gi0/0
ip add 30.0.0.1 255.255.255.252
crypto map R1_R7
no shut
int gi0/1
ip add 10.0.0.1 255.255.255.252
no shut
int gi0/2
ip add 10.0.0.65 255.255.255.252
no shut
int gi0/3
ip add 11.0.0.1 255.255.255.252
no shut
int tun1
bandwidth 4000
ip add 50.0.0.1 255.255.255.252
ip mtu 1400
tunnel source gi0/0
tunnel destination 30.0.0.9
exit
router ospf 1
router-id 1.1.1.1
network 11.0.0.0 0.0.0.3 area 0
network 10.0.0.0 0.0.0.127 area 1
exit
router bgp 65012
bgp router-id 1.1.1.1
neighbor 30.0.0.2 remote-as 65120
neighbor 30.0.0.2 activate
neighbor 50.0.0.2 remote-as 65078
neighbor 50.0.0.2 activate
network 30.0.0.0 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
distance 200 50.0.0.2 0.0.0.0
end

 

R7

en
ter len 0
conf t
host R7
ip access-list extended Tun_R1_R7
permit gre host 30.0.0.9 host 30.0.0.1
exit
crypto isakmp policy 10
authentication pre-share
hash md5
encryption aes 256
group 24
!
crypto isakmp key Tunnel1_7 address 30.0.0.1
!
crypto ipsec transform-set Tun1_7 esp-aes esp-sha-hmac
mode transport
exit
crypto map R1_R7 10 ipsec-isakmp
match address Tun_R1_R7
set transform Tun1_7
set peer 30.0.0.1
exit
int lo0
ip add 7.7.7.7 255.255.255.255
int gi0/0
ip add 30.0.0.9 255.255.255.252
crypto map R1_R7
no shut
int gi0/1
ip add 20.0.0.1 255.255.255.252
no shut
int gi0/2
ip add 20.0.0.65 255.255.255.252
no shut
int gi0/3
ip add 21.0.0.1 255.255.255.252
no shut
int tun1
bandwidth 4000
ip add 50.0.0.2 255.255.255.252
ip mtu 1400
tunnel source gi0/0
tunnel destination 30.0.0.1
exit
router ospf 2
router-id 7.7.7.7
network 21.0.0.0 0.0.0.3 area 0
network 20.0.0.0 0.0.0.127 area 1
exit
router bgp 65078
bgp router-id 7.7.7.7
neighbor 30.0.0.10 remote-as 65120
neighbor 30.0.0.10 activate
neighbor 50.0.0.1 remote-as 65012
neighbor 50.0.0.1 activate
network 30.0.0.8 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
distance 200 50.0.0.1 0.0.0.0
end
wr
sh ip int br
sh run | sec router

 

In between R1 & R7 there is BGP and OSPF routing on SP_R1 & SP_R2, with redistributed routes too.

But I got the log as attached: Tun_topology_recursive route log.jpg

I am unable to understand where I went wrong here.

I tested this same setup with the tunnel network 50.0.0.0/30 routed on OSPF and it was successful there. But here it went wrong.

Please let me know what's wrong here.

3 Replies

The tunnel has two layers:
overlay network 50.0.0.0/30
underlay network 30.0.0.0/30

Your mistake is that you configured both under BGP; that is not correct.
Under BGP you must advertise only the overlay network 50.0.0.0/30 and remove 30.0.0.0/30 (tunnel source/destination).


vikamchintan
Level 1

Hi MHM Cisco World,

Thank you for your reply and correcting me.

So any tunneling network I configure has to be separately routed.

Yes, the tunnel IP and any route that uses the tunnel must be configured, in your case, under BGP.

The tunnel source must not be configured under BGP.
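The check the replies describe, written as an added Python example that is not part of the original thread: it reads an IOS-style config and reports any BGP `network` statement that covers a tunnel's source or destination address while a BGP neighbor sits inside that tunnel's own subnet. The helper name `underlay_leaks` and the trimmed sample config are assumptions made for illustration, and the parser assumes the abbreviated command style used in the post, with the tunnel source given as an interface name.

```python
import ipaddress

# Constructed sample: tunnel and BGP lines from the R1 config posted above.
R1_CONFIG = """\
int gi0/0
ip add 30.0.0.1 255.255.255.252
int tun1
ip add 50.0.0.1 255.255.255.252
tunnel source gi0/0
tunnel destination 30.0.0.9
router bgp 65012
neighbor 30.0.0.2 remote-as 65120
neighbor 50.0.0.2 remote-as 65078
network 30.0.0.0 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
"""

def underlay_leaks(config):
    """Hypothetical helper: (tunnel, prefix) pairs where BGP advertises a tunnel endpoint."""
    addrs, tunnels, nets, peers, section = {}, {}, [], [], None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] in ("int", "interface") and len(w) > 1:
            section = ("if", w[1])
        elif w[0] == "router" and len(w) > 1:
            section = (w[1], None)
        elif section and section[0] == "if":
            name = section[1]
            if w[:2] in (["ip", "add"], ["ip", "address"]) and len(w) >= 4:
                addrs[name] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
            elif w[:2] == ["tunnel", "source"] and len(w) > 2:
                tunnels.setdefault(name, {})["src"] = w[2]
            elif w[:2] == ["tunnel", "destination"] and len(w) > 2:
                tunnels.setdefault(name, {})["dst"] = ipaddress.ip_address(w[2])
        elif section and section[0] == "bgp":
            if w[0] == "network" and len(w) >= 4 and w[2] == "mask":
                nets.append(ipaddress.ip_network(f"{w[1]}/{w[3]}"))
            elif w[0] == "neighbor" and len(w) >= 3 and w[2] == "remote-as":
                peers.append(ipaddress.ip_address(w[1]))
    findings = []
    for name, t in tunnels.items():
        # Only tunnels that carry a BGP session (a neighbor inside the overlay subnet).
        if name not in addrs or not any(p in addrs[name].network for p in peers):
            continue
        src = addrs.get(t.get("src"))  # assumes the source is an interface name
        ends = [e for e in (src.ip if src else None, t.get("dst")) if e]
        findings += [(name, str(n)) for n in nets if any(e in n for e in ends)]
    return findings
```

On the sample it reports `30.0.0.0/30` for `tun1`; with that `network` line removed, as the first reply advises, it reports nothing.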
