08-06-2012 01:04 AM
A multipoint GRE (mGRE) and IPSec tunnel is built between two routers. The topology of the device is briefed below:
Configuration in End Router:
This is a Cisco 2811 router. Among the 2 Ethernet interfaces, one is used for LAN and one is for WAN. In the WAN part, we have configured mGRE (Tunnel1 and Tunnel 2) by creating a sub-interface of the router. From the interface, we are terminating the link to the MPLS cloud; from there it is pointing towards our core router.
From the End router we are advertising the path through EIGRP and from the cloud BGP advertised to the core router.
Below is the configuration of the End Router:
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto map yesbank 10 ipsec-isakmp
 set peer 192.168.80.2
 set transform-set test
 match address 110
crypto map yesbank 20 ipsec-isakmp
 set peer 192.168.80.142
 set transform-set test
 match address 120
!
interface Loopback0
 ip address 192.168.60.6 255.255.255.255
!
interface Tunnel1
 description *** CONNECTED TO DAKC PRIMARY ROUTER ***
 bandwidth 4000
 ip address 10.28.0.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1436
 load-interval 30
 delay 2000
 tunnel source Loopback0
 tunnel destination 192.168.60.1
!
interface Tunnel2
 description <<<Connected to DAKC Secondary Router>>>
 bandwidth 3000
 ip address 10.28.0.154 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1436
 load-interval 30
 delay 3000
 keepalive 5 15
 tunnel source Loopback0
 tunnel destination 192.168.60.35
!
interface FastEthernet0/0
 description ***SIFY WIRELESS MPLS LINK ***
 bandwidth 2048
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet0/0.143
 description *** SUBINTERFACE FOR SIFY WIRELESS LINK ***
 bandwidth 2048
 encapsulation dot1Q 143
 ip address 192.168.80.34 255.255.255.252
 ip flow ingress
 ip flow egress
 crypto map yesbank
!
interface FastEthernet0/1
 description ***BLR LAN***
 ip address 10.160.0.3 255.255.252.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip route-cache flow
 speed auto
 full-duplex
 glbp 1 ip 10.160.0.1
 glbp 1 priority 120
 glbp 1 preempt
 service-policy input YES
access-list 110 permit gre host 192.168.60.6 host 192.168.60.1
access-list 120 permit gre host 192.168.60.6 host 192.168.60.35
Show tech of the End router is also attached. Kindly requesting a solution ASAP.
08-06-2012 05:43 AM
Hi,
Assuming that crypto & routing are working correctly, if I remember correctly you need to specify a tunnel key ("tunnel key" command under interface tunnel configuration) when you are sourcing multiple GRE tunnels from the same source interface (Loopback0 in your example).
So for each tunnel specify a different tunnel key (both ends need to match).
Sent from Cisco Technical Support iPad App
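The check suggested in the reply above, as an added example that is not part of the original thread: a Python script that parses an IOS configuration and lists GRE tunnels that share a tunnel source without a distinct tunnel key. The function names are hypothetical, and the sample input is constructed from the tunnel stanzas in the question, trimmed to the relevant lines.

```python
import re
from collections import defaultdict

# Constructed sample: tunnel stanzas trimmed from the configuration in the question.
SAMPLE = """\
interface Tunnel1
 tunnel source Loopback0
 tunnel destination 192.168.60.1
!
interface Tunnel2
 tunnel source Loopback0
 tunnel destination 192.168.60.35
!
interface FastEthernet0/1
 ip address 10.160.0.3 255.255.252.0
"""

def parse_tunnels(config):
    """Map each Tunnel interface to its tunnel source/destination/key."""
    tunnels, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:  # new stanza: track it only if it is a Tunnel interface
            is_tunnel = m.group(1).lower().startswith("tunnel")
            current = tunnels.setdefault(m.group(1), {}) if is_tunnel else None
            continue
        m = re.match(r"tunnel\s+(source|destination|key)\s+(\S+)", line, re.I)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return tunnels

def shared_source_findings(config):
    """Tunnels sharing a tunnel source without a key unique in that group."""
    by_source = defaultdict(list)
    for name, t in parse_tunnels(config).items():
        if "source" in t:
            by_source[t["source"].lower()].append((name, t.get("key")))
    findings = []
    for source, members in by_source.items():
        keys = [key for _, key in members]
        for name, key in members:
            if len(members) > 1 and (key is None or keys.count(key) > 1):
                reason = "no tunnel key" if key is None else f"duplicate key {key}"
                findings.append((name, source, reason))
    return sorted(findings)

if __name__ == "__main__":
    for name, source, reason in shared_source_findings(SAMPLE):
        print(f"{name}: shares source {source}, {reason}")
```

The same check has to pass on the far-end routers as well, since the reply notes that the key on both ends of each tunnel needs to match.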