M
M
Metalhacker972020-07-30 13:12:36
network hardware
Metalhacker97, 2020-07-30 13:12:36

GRE tunnel over GRE. Is it possible to?

Hello!
There is such a, at first glance, a complex network diagram.
5f229d102a1f9529587836.png
CISCO 1 remote point, CISCO 2 central node.
An IRZ router with an operator's SIM card with APN address 10.100.0.1 is installed at the remote point. Link network between CISCO 1 and IRZ 192.168.0.0 /30.
At the central node there is a certain junction with the operator - a link network 10.120.0.0 /30, through which APN addresses work. For APN address to work on CISCO 2, a static route is prescribed: ip route 10.100.0.1 255.255.255.255 10.120.0.2
The task was to build connectivity between CISCO 1 and CISCO 2 via IRZ.
To do this, a GRE tunnel was first built between CISCO 2 and IRZ.
GRE tunnel configuration on CISCO 2:

interface Tunnel1
 description Link-to-IRZ-via-APN
 ip address 10.22.0.2 255.255.255.252
 ip mtu 1400
 tunnel source 10.120.0.1
 tunnel destination 10.100.0.1

Response configuration on IRZ:
Local Address: 10.100.0.1
Remote Address: 10.120.0.1
Network Type: L3
Tunnel IP: 10.22.0.1
Tunnel Mask: 255.255.255.252
Установлен флажок в поле: Don't Fragment packets

Connectivity between IRZ and CISCO 2 is established, ping is on.

Next, you need to raise the tunnel between CISCO 1 and CISCO 2. This is already more interesting.
On CISCO 1 tunnel configuration:
interface Tunnel2
 description Link-to-CISCO-2-via-IRZ
 ip address 10.21.0.1 255.255.255.252
 ip mtu 1400
 tunnel source 192.168.0.1
 tunnel destination 10.22.0.2

And a static route is registered:
ip route 10.22.0.2 255.255.255.255 192.168.0.2

On CISCO 2, the tunnel configuration is:
interface Tunnel2
 description Link-to-CISCO-1-via-IRZ
 ip address 10.21.0.2 255.255.255.252
 ip mtu 1400
 tunnel source 10.22.0.2
 tunnel destination 192.168.0.1

And a static route is registered:
ip route 192.168.0.1 255.255.255.255 10.22.0.1

But this tunnel is no longer working. I can not figure out what is the reason and should it even work?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
S
Sergey, 2020-07-30
@sergey_privacy

Alternatively, you can try:
1. Specify in static routing not addresses, but specific tunnels like
ip route 192.168.0.1 255.255.255.255 Tunnel0
2. Check the statics on all devices. Most likely, on the side of the branch, it will be correct to use 2 entries in statics: the 1st entry to specify the route to the provider, and the second entry to wrap all traffic to the tunnel: ip route 0.0.0.0 0.0.0.0 Tunnel0
3. Try to set keepalive 2 3 on the tunnels. We had a problem on some cats with some IOSs when the tunnel did not work without constant keepalive packets.
4. Turn on the debug and see where things go and where they don't

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question