12-09-2010 09:12 AM
I'm trying to establish a GRE tunnel from an Aruba 2400 OS 220.127.116.11 to a Cisco 2800 ver 12.4.
Here's what I have so far.
The tunnel is showing as Up/UP on both sides.
Keepalives are disabled (the tunnel goes down when keepalives are enabled).
The user associates to the SSID and authenticates via PSK-TKIP and should get an IP from the Aruba DHCP server.
That much works. But I can't ping or get a response from anything on the other side of the tunnel.
ip access-list session guest-tunnel
  any any svc-dhcp permit
  any any any redirect tunnel 1
interface vlan 161
  ip address 10.80.61.249 255.255.255.0
interface vlan 1111
  ip address 192.168.1.254 255.255.255.0
interface tunnel 1
  description "Tunnel Interface"
  ip address 18.104.22.168 255.255.255.0
  tunnel source vlan 161
  tunnel destination 22.214.171.124
How can I troubleshoot this further?
Here is the Cisco side config:
ip address 126.96.36.199 255.255.255.0
ip nat inside
tunnel source GigabitEthernet0/0.944
tunnel destination 10.80.61.249
ip route 192.168.1.0 255.255.255.0 Tunnel0
Thanks for any assistance with this.
What can I do to troubleshoot this further?
I can provide more configuration info if needed.
12-09-2010 01:28 PM
On the Aruba side, you need:
tunnel vlan 1111
Aruba Customer Engineering
12-09-2010 03:02 PM
I found part of the problem.
There was a firewall in the path.
The firewall rule for the GRE tunnel was written in one direction.
The reverse rule was added; now the tunnel is up with keepalives on.
Your suggestion would not work.
I tried to add tunnel vlan 1111 and received this error:
ctrl1) (config-tunnel)#tunnel vlan 1111
Error: Tunnel is an IP GRE Tunnel, Change the Mode before adding this.
At this point, I can ping the 188.8.131.52 tunnel IP of the Cisco but not the 184.108.40.206 IP of the Aruba.
I can see DNS queries etc. going across the tunnel using the tunnel source/destination IP addresses.
However, I am not seeing any responses from the Cisco side.
I believe there may be a NAT issue at this point, since the Cisco NAT stats show no IP addresses being allocated.
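
The one-directional firewall rule described in the post above can be caught by auditing the rule set for both directions of the GRE flow (IP protocol 47). This is an added example, not code from the thread or from either vendor: the rule format, function names and sample rules are assumptions, and only the two tunnel endpoint addresses come from the thread.

```python
from ipaddress import ip_address, ip_network

GRE = 47  # IP protocol number carried by the tunnel

# Constructed first-match rule list in a hypothetical dict format, implicit deny
# at the end. Only the endpoint addresses are taken from the thread.
RULES = [
    {"src": "10.80.61.249/32", "dst": "22.214.171.124/32", "proto": GRE, "action": "permit"},
    {"src": "10.80.61.0/24", "dst": "0.0.0.0/0", "proto": 17, "action": "permit"},
]

def verdict(rules, src, dst, proto):
    """Return the action of the first rule matching the packet, else 'deny'."""
    for rule in rules:
        if (rule["proto"] in (proto, "any")
                and ip_address(src) in ip_network(rule["src"])
                and ip_address(dst) in ip_network(rule["dst"])):
            return rule["action"]
    return "deny"

def gre_directions(rules, end_a, end_b):
    """Report whether GRE is permitted in each direction between two endpoints."""
    return {
        "a_to_b": verdict(rules, end_a, end_b, GRE) == "permit",
        "b_to_a": verdict(rules, end_b, end_a, GRE) == "permit",
    }

def one_way_gre(rules, end_a, end_b):
    """True when exactly one direction passes, the fault found in the thread."""
    d = gre_directions(rules, end_a, end_b)
    return d["a_to_b"] != d["b_to_a"]

def with_reverse_rule(rules, end_a, end_b):
    """Return a copy of the rules with the missing b -> a GRE permit prepended."""
    fix = {"src": f"{end_b}/32", "dst": f"{end_a}/32", "proto": GRE, "action": "permit"}
    return [fix] + list(rules)

if __name__ == "__main__":
    aruba, cisco = "10.80.61.249", "22.214.171.124"
    print("before:", gre_directions(RULES, aruba, cisco))
    print("after: ", gre_directions(with_reverse_rule(RULES, aruba, cisco), aruba, cisco))
```

A GRE tunnel interface without keepalives comes up on local conditions alone, so an up/up state does not show that the return path is open; a check like this, or a packet capture on both sides of the firewall, does.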