ICND2 - VPN Tunnel troubleshooting

Node Man · June 2014

Hi Everyone,
I hope you are having a nice day. I need advise for troubleshooting VPN Tunnels. I am literally trying to recreate of the tunnel scenario in chapter 7 of Odoms new ICND2 book. I am using GNS3. Both serial interfaces are UP UP. And the tunnel on both routers is UP DOWN. I followed the book exactly. Can you offer any guidance? I presume the problem is a GNS3 default setting or something I did. Any help will be appreciated.

Thanks!

Jon_Cisco · June 2014

I would suggest posting the configs. I have not read that chapter yet but we need a starting point to look for possible errors.

thenappyone · June 2014

Are you doing pre-shared keys? If so make sure that the keys match. As well as the the phase1/phase2 parameters.

Hondabuff · June 2014

Remember the word HAGLE for Tshooting IKE phase 1 and 2 Tunnels. I now use CCP for VPN tunnels and havent looked back.
Hash: MD5,SHA, SHA-HMAC
Authentication:Pre Shared Keys
Group: DH1,2 or 5
Lifetime:Seconds for the tunnels keepalives
Encryption Des, 3Des, AES

VinnyCisco · June 2014

I am assuming you are trying to configure GRE. A screen of your config would help.

I have been able to set it up in GNS3. So I know it works.

Make sure the IP's you are assigning to the GRE are in correct subnet.

When you set up the TUNNEL SOURCE, try pointing it to the parent Serial you are configuring.
So if your are on Serial 0/0/0, then it should be TUNNEL SOURCE <INTERFACE>. You can use ? after TUNNEL SOURCE for exact syntax.

When you set up the TUNNEL DESTINATION, make sure that is the parent IP of the remote serial interface.

In other words... If you are on R1, the config would be TUNNEL DEST 10.10.10.2 <-- 10.10.10.2 being the IP of R2's side.

Then on the other side, same config, just opposite destination.

davenull · June 2014

I did that chapter not so long ago and following the book didn't work for me either. I read some other guides and watched Youtube videos on setting up GRE tunnels. I remember I eventually got it working using static routes, then tried it again using OSPF (like the book says) and it worked somehow.

I'm still not sure why it didn't work the first time. I probably messed up OSPF config somewhere, or GNS3 just wanted to be reloaded - it happens sometimes.

VinnyCisco · June 2014

Excellent.

This was a simple GRE I set up on a point to point link. I created this in case you were still having issues, but since you are all squared away, you can just review if it.

Router 1 Config for Serial and Tunnel

Router 2 Config for Serial and Tunnel

Ping results from Router 2 to both 10.10.10.1 and 192.168.0.1 along with Tunnel stats.

Node Man · June 2014

wow Vinnycisco thank you for going above and beyond. I will give this a try.

VinnyCisco · June 2014

No problem. Glad I can help. Let me know how it works out.

Node Man · June 2014

It worked!! Thanks again. It appears that the problem in the Odom book, is that the serial interface IP's are in different subnets (1.1.1.1 and 2.2.2.2)

VinnyCisco · June 2014

That is great. I wouldn't worry too much about GRE for the test as far as tunnels being on different subnets. If they do ask you something on the test, they may just show you an output such is what I posted here and ask you what the commands are to configure it. But honestly, I never saw anything about GRE on the test. But still great to know. The more you know, the better. Good luck. ~ Vincent

ICND2 - VPN Tunnel troubleshooting

Comments