From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Thu Jun 29 2006 - 03:01:55 ART
You can have the tunnel interfaces on different networks/subnets but you
will need a "route" to reach the other end of the tunnel. In the
example it appears that the static routes allow for reachability across
the tunnel but you will not be able to ping the other end of the tunnel.
This is because the tunnel interfaces themselves are on different
networks. Try adding a default route or a route to the other end of the
tunnel down the tunnel itself (i.e. ip route x.x.x.x x.x.x.x tunnel0)
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alex De Gruiter (AU)
Sent: Wednesday, June 28, 2006 4:16 PM
To: ccielab@groupstudy.com
Subject: GRE tunnel interface IP addressing
Hey guys,
I have been working on some GRE-based scenario in the labs, and have
come across a particular solution from Cisco that I have reason to
question. I post to the group as I would like some clarity on my
understanding of GRE.
The crux of the problem is as follows: A headquarters site needs to pass
IP Multicast traffic over IPSec to a remote site, and so must
encapsulate the traffic inside a GRE packet before transmission.
The associated Cisco document is here:
http://www.cisco.com/univercd/cc/td/doc/product/core/7100/swcg/6342gre.h
tm#1057710
My problem is that the tunnel interface at headquarters (172.17.3.3/24)
is on a different subnet to the tunnel interface at the remote site
(172.24.3.6/24). I don't see how this can work, and how IP traffic can
be passed across the GRE tunnel. I have tried this in the lab and my
only conclusion is that the tunnel interface IP addresses must be in the
same net. To make things even more confusing, a Figure in this document
(reference 3-2) references the tunnel IP addresses as, indeed, being on
the same subnet.
Can someone wiser than I comment?
Thanks in advance,
Alex de Gruiter
************************************************************************
******
- NOTICE FROM DIMENSION DATA AUSTRALIA
This message is confidential, and may contain proprietary or legally
privileged information. If you have received this email in error,
please notify the sender and delete it immediately.
Internet communications are not secure. You should scan this message and
any attachments for viruses. Under no circumstances do we accept
liability for any loss or damage which may result from your receipt of
this message or any attachments.
************************************************************************
******
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:34 ART