RE: pinging tunnel ip addresses from router on which source is

From: Danny.Andaluz@triaton-na.com
Date: Sat Apr 19 2003 - 22:40:50 GMT-3

• Next message: Brown, Patrick (NSOC-OCF}: "RE: pinging tunnel ip addresses from router on which source is"
• Previous message: Jeongwoo Park: "RE: How to convert Custom-Q to CBWFQ"
• Maybe in reply to: Wayne Hines: "pinging tunnel ip addresses from router on which source is"
• Next in thread: Brown, Patrick (NSOC-OCF}: "RE: pinging tunnel ip addresses from router on which source is"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have found that if I use a tunnel mode of IPIP instead of GRE IP (both
ends), I can ping my local tunnel interface. I checked out the RFC's on the
Two tunnel modes and it mentions this difference, but does not really give a
reason why. I don't remember the RFC's. Sorry.

-----Original Message-----
From: Brown, Patrick (NSOC-OCF} [mailto:PBrown4@chartercom.com]
Sent: Saturday, April 19, 2003 7:48 PM
To: 'Wayne Hines'; ccielab@groupstudy.com
Subject: RE: pinging tunnel ip addresses from router on which source is lo
cated?

If you have the tunnel IP, tunnel source, and tunnel destination defined,
you should be able to ping your local tunnel interface. The ip addresses of
your tunnel source and dest can be bogus! Hope I understood your question
correct.

Ex.interface Tunnel2147483647
   ip address 7.7.7.1 255.255.255.252
   tunnel source Loopback2147483647
   tunnel destination 1.1.1.1
   crypto map VPN

crypto map VPN local-address Loopback2147483647
crypto map VPN 1 ipsec-isakmp
 description X VPN
 set peer 1.1.1.1
 set security-association lifetime kilobytes 4000
 set security-association lifetime seconds 120
 set transform-set 1024sethut
 match address CRYPTO

crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key
111111111111111112222222222222222233333333333333332222222222222111111111111
address 1.1.1.1
crypto ipsec transform-set 1024sethut esp-3des esp-sha-hmac mode transport
ip access-list extended CRYPTO permit gre host 223.223.223.223 host 1.1.1.1

IOS (tm) 7200 Software (C7200-JK2S-M), Version 12.1(13)E1, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)

Sending 5, 100-byte ICMP Echos to 7.7.7.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Tx,

Patrick B

-----Original Message-----
From: Wayne Hines [mailto:wayneh@DataNetDev.com.au]
Sent: Saturday, April 19, 2003 10:10 AM
To: ccielab@groupstudy.com
Subject: pinging tunnel ip addresses from router on which source is located?

Hi Group,

On tunneles that have IPaddresses has anyone found a way pinging an
[ipsec/gre] tunnel ip addresses from the router on which it is located? Or
by definition can't this be done as everything that hits the tunnel
interface gets sucked in? ie. an equivalent to frame map ip x.x.x.x dlci br
for frame relay interfaces.

Wayne Hines
B.Sc., M.Sc., CMACS Proj. Man., CSS1, CCDP+Net. Man.+Voice+ATM, CCNP, CNE,
MCNE, MCSE Database & Network Developers - your Cisco Premier Partner /
Novell Business Partner
Mailing: P.O. Box 14283 Melbourne 8001
Email: wayneh@DataNetDev.com.au
Web: http://www.DataNetDev.com.au/
Tel: +61 (0)3 9329 6444
Mobile: +61 (0)41 152 4486

• Next message: Brown, Patrick (NSOC-OCF}: "RE: pinging tunnel ip addresses from router on which source is"
• Previous message: Jeongwoo Park: "RE: How to convert Custom-Q to CBWFQ"
• Maybe in reply to: Wayne Hines: "pinging tunnel ip addresses from router on which source is"
• Next in thread: Brown, Patrick (NSOC-OCF}: "RE: pinging tunnel ip addresses from router on which source is"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:58 GMT-3