Re: GRE Tunnel configuarion

ibegbu.david1 · ‎12-13-2017

Good morning everyone.

Please, i am trying to configure a GRE tunnel for a client from the clients router to connect to another router (provider). After configuration, the provider keeps telling me that the configuration is wrong.

Below is their request:

GRE tunnel ip on your end will be 172.28.230.25/30. ( our end is 172.28.230.26/30 )

Create a loopback of 172.25.230.1/24

Your internal ip address should be Natted within the range 172.25.230.2 – 254 (ip nat inside source static xxxx yyyy)

interface Loopback0

description ****DYNAMIC ROUTING PURPOSE*****

ip address 172.25.230.1 255.255.255.0

ip access-list standard routing-update

(permit all ISW HQ ips under this access list permit 172.25.20.99 )

please note that you need to configure on your interface the required nat statement and also create an eigrp 123 and redistribute the access-list created into the dynamic routing process.

Regards

Below is my config:

interface Loopback0
description *DYNAMIC ROUTING PURPOSE**
ip address 172.25.230.1 255.255.255.0

interface Tunnel1
ip address 172.28.230.25 255.255.255.252
ip access-group 11 in
ip access-group 10 out
ip mtu 1400
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1360
tunnel source 172.28.230.25
tunnel destination 172.28.230.26

interface FastEthernet3
switchport access vlan 10
no ip address
!
interface FastEthernet4
description WAN-PORT
ip address 172.27.2.46 255.255.255.252
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.40.3 255.255.255.0
ip nat inside
ip virtual-reassembly in

router eigrp 123 ----- To main site
network 0.0.0.0

no auto
!
router eigrp 124 ---- To Backup/DR site
network 0.0.0.0

no auto

ip nat inside source static 192.168.40.2 172.25.230.2
ip nat inside source static 192.168.40.3 172.25.230.3
ip route 0.0.0.0 0.0.0.0 172.28.230.26

ip access-list standard IS-DR
permit 172.25.20.99
!
!
access-list 10 permit 192.168.40.2
access-list 10 permit 192.168.40.3
access-list 10 deny any
access-list 11 permit 172.25.20.99

Please, help look at the config and comment if i did what was instructed.

Awaiting you kind response

Thanks

Seb Rupik · ‎12-13-2017

Hi there,

Your tunnel is mis-configured. The purpose of the loopback is to provide a tunnel endpoint:

!
int tunnel1
  tunnel source 172.25.230.1
!

...which you advertise to them via EIGRP.

What you still need is details on the tunnel destination at their end.

cheers,

Seb.

ibegbu.david1 · ‎12-13-2017

Apart from that, is there any correction that is needed to be done?

I have corrected that

tunnel source lo0

Thanks.

Awaiting your kind response

Julio E. Moisa · ‎12-13-2017

Hi

Tunnel source and tunnel destination IP addresses should be the IP addresses of the physical interfaces or physical interface (outside interfaces, for example a g0/0's IP address).

Router A (outside interface) ---- Provider ----- (outside interface) Router B

For example:

Tunnel source FastEthernet4

or

Tunnel source 172.27.2.46

and

Tunnel destination x.x.x.x (the IP address of the physical interface of the remote router), once configured the interface should come up and you can confirm through: show ip interface brief.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<