12-13-2017 12:29 AM - edited 03-05-2019 09:38 AM
Good morning everyone.
Please, i am trying to configure a GRE tunnel for a client from the clients router to connect to another router (provider). After configuration, the provider keeps telling me that the configuration is wrong.
Below is their request:
GRE tunnel ip on your end will be 172.28.230.25/30. ( our end is 172.28.230.26/30 )
Create a loopback of 172.25.230.1/24
Your internal ip address should be Natted within the range 172.25.230.2 – 254 (ip nat inside source static xxxx yyyy)
interface Loopback0
description ****DYNAMIC ROUTING PURPOSE*****
ip address 172.25.230.1 255.255.255.0
ip access-list standard routing-update
(permit all ISW HQ ips under this access list permit 172.25.20.99 )
please note that you need to configure on your interface the required nat statement and also create an eigrp 123 and redistribute the access-list created into the dynamic routing process.
Regards
Below is my config:
interface Loopback0
description *DYNAMIC ROUTING PURPOSE**
ip address 172.25.230.1 255.255.255.0
interface Tunnel1
ip address 172.28.230.25 255.255.255.252
ip access-group 11 in
ip access-group 10 out
ip mtu 1400
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1360
tunnel source 172.28.230.25
tunnel destination 172.28.230.26
interface FastEthernet3
switchport access vlan 10
no ip address
!
interface FastEthernet4
description WAN-PORT
ip address 172.27.2.46 255.255.255.252
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.40.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
router eigrp 123 ----- To main site
network 0.0.0.0
no auto
!
router eigrp 124 ---- To Backup/DR site
network 0.0.0.0
no auto
ip nat inside source static 192.168.40.2 172.25.230.2
ip nat inside source static 192.168.40.3 172.25.230.3
ip route 0.0.0.0 0.0.0.0 172.28.230.26
ip access-list standard IS-DR
permit 172.25.20.99
!
!
access-list 10 permit 192.168.40.2
access-list 10 permit 192.168.40.3
access-list 10 deny any
access-list 11 permit 172.25.20.99
Please, help look at the config and comment if i did what was instructed.
Awaiting you kind response
Thanks
12-13-2017 12:42 AM
Hi there,
Your tunnel is mis-configured. The purpose of the loopback is to provide a tunnel endpoint:
! int tunnel1 tunnel source 172.25.230.1 !
...which you advertise to them via EIGRP.
What you still need is details on the tunnel destination at their end.
cheers,
Seb.
12-13-2017 01:25 AM
Apart from that, is there any correction that is needed to be done?
I have corrected that
tunnel source lo0
Thanks.
Awaiting your kind response
12-13-2017 02:40 AM - edited 12-13-2017 02:45 AM
Hi
Tunnel source and tunnel destination IP addresses should be the IP addresses of the physical interfaces or physical interface (outside interfaces, for example a g0/0's IP address).
Router A (outside interface) ---- Provider ----- (outside interface) Router B
For example:
Tunnel source FastEthernet4
or
Tunnel source 172.27.2.46
and
Tunnel destination x.x.x.x (the IP address of the physical interface of the remote router), once configured the interface should come up and you can confirm through: show ip interface brief.
Hope it is useful
:-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide