11-04-2022 05:48 PM
Hi Team,
Attached is the tunnel topology. I am trying to build an IPsec tunnel from R1 to R7.
Following are the R1 and R7 configs.
R1
en
ter len 0
conf t
host R1
ip access-list extended Tun_R1_R7
permit gre host 30.0.0.1 host 30.0.0.9
exit
crypto isakmp policy 10
authentication pre-share
hash md5
encryption aes 256
group 24
!
crypto isakmp key Tunnel1_7 address 30.0.0.9
!
crypto ipsec transform-set Tun1_7 esp-aes esp-sha-hmac
mode transport
exit
crypto map R1_R7 10 ipsec-isakmp
match address Tun_R1_R7
set transform Tun1_7
set peer 30.0.0.9
exit
int lo0
ip add 1.1.1.1 255.255.255.255
int gi0/0
ip add 30.0.0.1 255.255.255.252
crypto map R1_R7
no shut
int gi0/1
ip add 10.0.0.1 255.255.255.252
no shut
int gi0/2
ip add 10.0.0.65 255.255.255.252
no shut
int gi0/3
ip add 11.0.0.1 255.255.255.252
no shut
int tun1
bandwidth 4000
ip add 50.0.0.1 255.255.255.252
ip mtu 1400
tunnel source gi0/0
tunnel destination 30.0.0.9
exit
router ospf 1
router-id 1.1.1.1
network 11.0.0.0 0.0.0.3 area 0
network 10.0.0.0 0.0.0.127 area 1
exit
router bgp 65012
bgp router-id 1.1.1.1
neighbor 30.0.0.2 remote-as 65120
neighbor 30.0.0.2 activate
neighbor 50.0.0.2 remote-as 65078
neighbor 50.0.0.2 activate
network 30.0.0.0 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
distance 200 50.0.0.2 0.0.0.0
end
R7
en
ter len 0
conf t
host R7
ip access-list extended Tun_R1_R7
permit gre host 30.0.0.9 host 30.0.0.1
exit
crypto isakmp policy 10
authentication pre-share
hash md5
encryption aes 256
group 24
!
crypto isakmp key Tunnel1_7 address 30.0.0.1
!
crypto ipsec transform-set Tun1_7 esp-aes esp-sha-hmac
mode transport
exit
crypto map R1_R7 10 ipsec-isakmp
match address Tun_R1_R7
set transform Tun1_7
set peer 30.0.0.1
exit
int lo0
ip add 7.7.7.7 255.255.255.255
int gi0/0
ip add 30.0.0.9 255.255.255.252
crypto map R1_R7
no shut
int gi0/1
ip add 20.0.0.1 255.255.255.252
no shut
int gi0/2
ip add 20.0.0.65 255.255.255.252
no shut
int gi0/3
ip add 21.0.0.1 255.255.255.252
no shut
int tun1
bandwidth 4000
ip add 50.0.0.2 255.255.255.252
ip mtu 1400
tunnel source gi0/0
tunnel destination 30.0.0.1
exit
router ospf 2
router-id 7.7.7.7
network 21.0.0.0 0.0.0.3 area 0
network 20.0.0.0 0.0.0.127 area 1
exit
router bgp 65078
bgp router-id 7.7.7.7
neighbor 30.0.0.10 remote-as 65120
neighbor 30.0.0.10 activate
neighbor 50.0.0.1 remote-as 65012
neighbor 50.0.0.1 activate
network 30.0.0.8 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
distance 200 50.0.0.1 0.0.0.0
end
wr
sh ip int br
sh run | sec router
In between R1 & R7 there is BGP and OSPF routing on SP_R1 & SP_R2, with routes redistributed too.
But I got the log shown in the attached Tun_topology_recursive route log.jpg
I am unable to understand where I went wrong here.
I tested the same setup with the tunnel network 50.0.0.0/30 routed on OSPF and it was successful there. But here it went wrong.
Please let me know what's wrong here.
11-05-2022 02:20 AM
The tunnel has two layers:
overlay network 50.0.0.0/30
underlay network 30.0.0.0/30
Your mistake is that you configured both under BGP; that is not correct.
Under BGP you must advertise only the overlay network 50.0.0.0/30 and remove 30.0.0.0/30 (tunnel source/destination).
11-05-2022 04:20 PM
Hi MHM Cisco World,
Thank you for your reply and correcting me.
So any tunneling network I configure has to be routed separately.
11-05-2022 04:38 PM
Yes, the tunnel IP and any route that uses the tunnel must be configured, in your case, under BGP.
The tunnel source must not be configured under BGP.
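Added example, not part of the thread or any poster's own code: a small Python check for the pattern discussed above, where BGP peers across a tunnel while the tunnel source subnet is also in a BGP network statement. The sample config is constructed from R1's lines in the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: only the R1 lines from the thread that matter for the check.
R1_CONFIG = """\
int gi0/0
ip add 30.0.0.1 255.255.255.252
int tun1
ip add 50.0.0.1 255.255.255.252
tunnel source gi0/0
tunnel destination 30.0.0.9
router bgp 65012
neighbor 30.0.0.2 remote-as 65120
neighbor 50.0.0.2 remote-as 65078
network 30.0.0.0 mask 255.255.255.252
network 50.0.0.0 mask 255.255.255.252
"""

def parse(config):
    """Collect interface subnets, tunnel sources, BGP networks and BGP neighbors."""
    subnets, tun_src, bgp_nets, neighbors = {}, {}, [], set()
    section = None
    for words in (line.split() for line in config.splitlines()):
        if len(words) < 2:
            continue
        if words[0] in ("int", "interface"):
            section = words[1].lower()
        elif words[0] == "router":
            section = "bgp" if words[1] == "bgp" else "other-igp"
        elif words[:2] in (["ip", "add"], ["ip", "address"]) and len(words) >= 4:
            subnets[section] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["tunnel", "source"]:
            tun_src[section] = words[2].lower()
        elif section == "bgp" and words[0] == "network" and words[2:3] == ["mask"]:
            bgp_nets.append(ipaddress.ip_network(f"{words[1]}/{words[3]}"))
        elif section == "bgp" and words[0] == "neighbor" and words[2:3] == ["remote-as"]:
            neighbors.add(ipaddress.ip_address(words[1]))
    return subnets, tun_src, bgp_nets, neighbors

def underlay_in_bgp(config):
    """Return (tunnel, underlay subnet) pairs where BGP peers over the tunnel
    and the tunnel source subnet is also in a BGP network statement."""
    subnets, tun_src, bgp_nets, neighbors = parse(config)
    findings = []
    for tun, src in tun_src.items():
        overlay, underlay = subnets.get(tun), subnets.get(src)
        if overlay is None or underlay is None:
            continue
        if any(n in overlay for n in neighbors) and underlay in bgp_nets:
            findings.append((tun, str(underlay)))
    return findings

if __name__ == "__main__":
    print(underlay_in_bgp(R1_CONFIG))
```

The check is per router and only matches the abbreviated command forms used in the thread (`int`, `ip add`) plus their full spellings.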