From: Brown, Patrick (NSOC-OCF} (PBrown4@chartercom.com)
Date: Sat Apr 19 2003 - 22:18:14 GMT-3
Yes, on the 7200 and 2600 series this look applicable. On other series like
2500, 3600, GSR it does not. It maybe the IOS feature set also?
Patrick
-----Original Message-----
From: Wayne Hines [mailto:wayneh@DataNetDev.com.au]
Sent: Saturday, April 19, 2003 7:27 PM
To: Brown, Patrick (NSOC-OCF}; ccielab@groupstudy.com
Subject: RE: pinging tunnel ip addresses from router on which source is
located?
Hmmm - you understood the question - as did I your response. Perhaps this
is another version/platform specific issue.
R3#sh ip int brief
Interface IP-Address OK? Method Status
Prot
ocol
Ethernet0 172.16.30.3 YES manual up
up
Loopback1 133.10.40.1 YES manual up
up
Loopback36 133.200.0.36 YES manual up
up
Loopback66 133.10.0.3 YES manual up
up
Loopback99 99.99.99.99 YES manual up
up
Serial0 133.10.60.3 YES manual up
up
Serial1 unassigned YES unset administratively down
down
Tunnel36 160.100.1.1 YES manual up
up
R3#sh run int tu 36
Building configuration...
Current configuration : 123 bytes
!
interface Tunnel36
ip address 160.100.1.1 255.255.255.0
tunnel source Loopback36
tunnel destination 133.200.0.63
end
R3#sh ver
System image file is "flash:/c2500-jk8os-l.122-1d.bin"
R3#ping 160.100.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 160.100.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
-----Original Message-----
From: Brown, Patrick (NSOC-OCF} [mailto:PBrown4@chartercom.com]
Sent: Sunday, 20 April 2003 9:48
To: 'Wayne Hines'; ccielab@groupstudy.com
Subject: RE: pinging tunnel ip addresses from router on which source is
located?
If you have the tunnel IP, tunnel source, and tunnel destination defined,
you should be able to ping your local tunnel interface. The ip addresses of
your tunnel source and dest can be bogus! Hope I understood your question
correct.
Ex.interface Tunnel2147483647
ip address 7.7.7.1 255.255.255.252
tunnel source Loopback2147483647
tunnel destination 1.1.1.1
crypto map VPN
crypto map VPN local-address Loopback2147483647
crypto map VPN 1 ipsec-isakmp
description X VPN
set peer 1.1.1.1
set security-association lifetime kilobytes 4000
set security-association lifetime seconds 120
set transform-set 1024sethut
match address CRYPTO
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key
111111111111111112222222222222222233333333333333332222222222222111111111111
address 1.1.1.1
crypto ipsec transform-set 1024sethut esp-3des esp-sha-hmac
mode transport
ip access-list extended CRYPTO
permit gre host 223.223.223.223 host 1.1.1.1
IOS (tm) 7200 Software (C7200-JK2S-M), Version 12.1(13)E1, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)
Sending 5, 100-byte ICMP Echos to 7.7.7.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Tx,
Patrick B
-----Original Message-----
From: Wayne Hines [mailto:wayneh@DataNetDev.com.au]
Sent: Saturday, April 19, 2003 10:10 AM
To: ccielab@groupstudy.com
Subject: pinging tunnel ip addresses from router on which source is
located?
Hi Group,
On tunneles that have IPaddresses has anyone found a way pinging an
[ipsec/gre] tunnel ip addresses from the router on which it is located? Or
by definition can't this be done as everything that hits the tunnel
interface gets sucked in?
ie. an equivalent to frame map ip x.x.x.x dlci br for frame relay
interfaces.
Wayne Hines
B.Sc., M.Sc., CMACS Proj. Man., CSS1, CCDP+Net. Man.+Voice+ATM, CCNP, CNE,
MCNE, MCSE
Database & Network Developers - your Cisco Premier Partner / Novell Business
Partner
Mailing: P.O. Box 14283 Melbourne 8001
Email: wayneh@DataNetDev.com.au
Web: http://www.DataNetDev.com.au/
Tel: +61 (0)3 9329 6444
Mobile: +61 (0)41 152 4486
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:58 GMT-3