10-28-2014 01:31 AM
Hello Everyone,
I have a problem setting up GRE tunnel ( w/o any encryption) between Cisco 2611 and 2621. IOS version is the same c2600-ik9o3s3-mz.123-26.bin.
The problem is that after configuring both devices I can not ping 2611 from 2621 over tunnel. I added a rule on 2611 WAN interface, so I could see incoming GRE packets. During the ping process I do NOT see any matches on this rule. But as soon as I ping 2621 from 2611, 2621 can ping 2611 as well and I see matches on this rule.
The same thing happens with IPSEC tunnel, but first I would like to resolve issue with GRE as I think the have the same roots.
Can you please advice how I can resolve this issue ?
Thank you
Regards,
Alex
10-28-2014 11:13 PM
hi,
please post sanitized config from your 2611 and 2621 to further analyze.
10-29-2014 08:28 AM
Alex,
Your config should look something like this. I think you might be missing the routes.
R2621(config)# interface Tunnel1
R2621(config-if)# ip address 10.10.10.1 255.255.255.0 <--- You can make this what ever private IP address you want that is not used in your network
R2621(config-if)# ip mtu 1400 <--- This sets the MTU
R2621(config-if)# ip tcp adjust-mss 1360 <--- This will help with not fragmenting the packets
R2621(config-if)# tunnel source 1.1.1.1 <--- Public IP address goes here
R2621(config-if)# tunnel destination 2.2.2.2 <--- Public IP address goes here
R2621(config-if)#exit
R2621(config)# ip route XXX.XXX.XXX.0 255.255.255.0 10.10.10.2 <--- replace xxx.xxx.xxx.xxx with the network on the 2611 side
*********************************************************
R2611(config)# interface Tunnel1
R2611(config-if)# ip address 10.10.10.2 255.255.255.0 <--- You can make this what ever private IP address you want that is not used in your network
R2611(config-if)# ip mtu 1400
R2611(config-if)# ip tcp adjust-mss 1360
R2611(config-if)# tunnel source 2.2.2.2 <--- Public IP address goes here
R2611(config-if)# tunnel destination 1.1.1.1 <--- Public IP address goes here
R2611(config-if)#exit
R2611(config)# ip route XXX.XXX.XXX.0 255.255.255.0 10.10.10.1 <--- replace xxx.xxx.xxx.xxx with the network on the 2611 side
Hope this helps,
Mike
10-30-2014 02:08 AM
Try changing the route command to the following:
ip route XXX.XXX.XXX.0 255.255.255.0 Tunnel1
Then test and let us know how it goes.
--
Please remember to select a correct answer and rate helpful posts
10-30-2014 02:17 AM
I can not ping 2611 from 2621 over tunnel
When you say this, do you mean you can not ping 10.10.10.2 from R2621 and can not ping 10.10.10.1 from R2611?
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide