• cabling news
  Newsletter Industry News Our Site News
• help
  Home Cabling Guide Cabling FAQ Free Helpdesk Forums Learn Cabling
• resources
  Color Codes Pin Layouts Links E-books Bookstore Online Tools Downloads
• this site
  Home Page Contact us Advertise Here Link to us
• this page
  Bookmark It! Print
• +

Cisco Systems GRE Tunnel - one way ?

Bookmark this page:   Yahoo!   Google   Windows Live   del.icio.us   digg   Netscape

Subject Author Date GRE Tunnel - one way ? kartik 09-30-05  Re: GRE Tunnel - one way ? Walter Roberson 09-30-05  Re: GRE Tunnel - one way ? kartik 09-30-05  Re: GRE Tunnel - one way ? Walter Roberson 09-30-05  Re: GRE Tunnel - one way ? kartik 10-01-05

Posted by kartik on September 30, 2005, 6:39 am Please log in for more thread options Hello all, Does GRE work on unidirectional links ? I need to configure a GRE tunnel over a one-way link .. from Router A to Router B. (There is no return path from router B to Router A). If I configure a GRE tunnel the regular way will it work ? Thanks, -kartik

Posted by Walter Roberson on September 30, 2005, 10:55 am Please log in for more thread options :Does GRE work on unidirectional links ? :I need to configure a GRE tunnel over a one-way link .. from Router A :to Router B. (There is no return path from router B to Router A). If I :configure a GRE tunnel the regular way will it work ? Perhaps you could leave off the 'tunnel source' on router B, or perhaps you could use a "source" which was the NULL interface, or a loopback interface that nothing was going into. When you say there is no return path, do you mean that no packets at all can get back, or do you mean that no *data* is intended to flow? Looking briefly through the documentation, it looks to me that a simple GRE tunnel without keepalives might work without any back-packets at all. I suspect that if you introduced encryption onto the tunnel that the encryption might perhaps need communications back, but that's something that would need to be checked. -- "It is important to remember that when it comes to law, computers never make copies, only human beings make copies. Computers are given commands, not permission. Only people can be given permission." -- Brad Templeton

Posted by kartik on September 30, 2005, 12:09 pm Please log in for more thread options Thank you for your response. I think I am very close ... but ... I tried but without a "tunnel source" the tunnel interface on Router B does not come up. Here is a snippet of my configuration on Routers A and B .. I can tell from the Router A serial interface stats connected to the one-way link that my multicast packets are getting tunnelled and are going through to the one way link.... Router B is receiving it on its serial link but the packets as evidenced by the serial interface statistics. However it never get de-capsulated and forwarded on the LAN of ROuter B. ######################################################## ROUTER A ! interface Tunnel0 ip unnumbered FastEthernet0/0.1 ip pim dense-mode ip igmp join-group 239.232.1.20 tunnel source FastEthernet0/0.1 tunnel destination 192.168.10.15 ! interface FastEthernet0/0.1 description Vlan1 Video and Data encapsulation dot1Q 1 native ip address 10.7.10.1 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp ip pim dense-mode ip igmp join-group 239.232.1.20 ! interface Serial1/0 description One Way Out ONLY Link bandwidth 384 ip address 1.1.1.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! ip route 192.168.10.15 255.255.255.255 Serial1/0 ############################################### ROUTER B ! interface Loopback0 ip address 6.6.6.6 255.255.255.0 ip pim dense-mode ip igmp join-group 239.232.1.20 ! interface Tunnel0 no ip address ip pim dense-mode ip igmp join-group 239.232.1.20 tunnel source FastEthernet0/0 tunnel destination 6.6.6.6 ! interface FastEthernet0/0 description $ETH-LAN$ ip address 192.168.10.15 255.255.255.0 ip pim dense-mode ip igmp join-group 239.232.1.20 ip mroute 0.0.0.0 0.0.0.0 Tunnel0 Thank you -Kartik

Posted by Walter Roberson on September 30, 2005, 2:05 pm Please log in for more thread options :I tried but without a "tunnel source" the tunnel interface on Router B :does not come up. Here is a snippet of my configuration on Routers A :and B .. I have done little GRE myself, so I'm probably off-base, but... :ROUTER A Leave as is. The tunnel traffic exits the router via a serial interface. :ROUTER B >! >interface Loopback0 > ip address 6.6.6.6 255.255.255.0 > ip pim dense-mode > ip igmp join-group 239.232.1.20 >! Hmmmm... not sure that's right. >interface Tunnel0 > no ip address > ip pim dense-mode > ip igmp join-group 239.232.1.20 > tunnel source FastEthernet0/0 > tunnel destination 6.6.6.6 It seems to me that the tunnel destination might need to be the 10.7.10.1 of Router A's FE interface, which you are borrowing for the tunnel via the "ip unnumbered" statement. If the tunnel destination does not match the other sender, then the router isn't going to know -which- GRE tunnel it is dealing with (since there might be several.) >interface FastEthernet0/0 > description $ETH-LAN$ > ip address 192.168.10.15 255.255.255.0 > ip pim dense-mode > ip igmp join-group 239.232.1.20 You don't have a Serial interface shown to receive the data. >ip mroute 0.0.0.0 0.0.0.0 Tunnel0 If you don't want any packets going back, you shouldn't be routing them to the Tunnel0. To prevent traffic from going back along the tunnel, put in an access list and apply it "out" Tunnel0 on Router B. -- These .signatures are sold by volume, and not by weight.

Posted by kartik on October 1, 2005, 5:58 am Please log in for more thread options Thank you ! I have this working now. You are right, the 1. tunnel destination interface on router B needs to match the Tunnel Source interface on Router A. 2. The tunnel source interface on router A needs to match the tunnel destination interface on Router B Since i do not have a return path from Router B to Router A I tricked router B by configuring a loopback interface with the same IP address as the tunnel A source interface. Then I configured tunnel source and tunnel destination IPs as per the rules above. Thank you very much for you help. -Kartik

Similar Threads	Posted
GRE Tunnel up/up Cannot ping tunnel interface	March 6, 2006, 3:55 pm
VPN tunnel	July 25, 2005, 8:10 pm
GRE Tunnel - one way ?	September 30, 2005, 6:39 am
Best MTU value for our VPN tunnel	October 11, 2005, 10:39 pm
NAT-T + VPN Tunnel	November 6, 2005, 4:06 am
515 & 501 VPN Tunnel Help	April 4, 2006, 12:47 pm
GRE Tunnel	November 21, 2005, 8:38 pm
PLEASE HELP - GRE tunnel	September 5, 2006, 7:43 pm
NAT w Tunnel	January 25, 2007, 9:06 am
GRE tunnel and NAT	May 20, 2008, 10:52 pm
syslog through tunnel	February 11, 2005, 9:55 am
Help With 1710 to Pix 501 VPN Tunnel	July 24, 2005, 8:51 pm
tunnel interface ip	September 14, 2005, 1:37 pm
PIX 7.0.4 tunnel all traffic.	November 3, 2005, 12:27 pm
routing vpn tunnel	December 22, 2005, 10:53 am

Contact Us | Privacy Policy