Basic GRE tunnel, site to site over internet, problem.


jushin100 (IS-IT--Management), Sep 6, 2012
I would appreciate any help with this.
I have set up a basic GRE tunnel over the internet from one site to another.
Everything works fine but:-
Computers connected to R1 cannot see the laptop connected to R2
The laptop at R2 can see all computers on the MS network connected to R1

Both R1 (192.168.1.40) and R2 (192.168.3.40) can:-
Ping the gateway addresses at both ends
Ping the router IP address at both ends (192.168.1.40 and 192.168.3.40)
Successfully access the internet

R2 can ping the laptop connected to it (192.168.3.200)

So everything is working, apart from the fact that nothing at R1 can see the clients (laptop 192.168.3.200) at R2. However, this laptop can see all clients on the MS Windows network at R1.
The only difference that comes to mind is that R1 is plugged into a network switch with a whole host of computers, and at R2 it is just a single laptop plugged directly into the Cisco router.

Both routers R1 and R2 are Cisco 887s.

Here are the configurations. I have stripped them down to the bare bones to make it as uncomplicated as possible.

R1 CONFIGURATION
ip cef
ip name-server 212.69.36.3
ip name-server 212.69.40.3
no ipv6 cef
!
license udi pid CISCO887VA-K9 sn FCZ1607C3ZV
!
controller VDSL 0
firmware filename flash:vdsl.bin-A2pv6C035d_d23j
!
interface Tunnel1
ip address 172.16.0.1 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 100.100.152.14
tunnel destination 200.200.22.237
!
interface Ethernet0
no ip address
ip nat inside
ip virtual-reassembly in
!
interface ATM0
mtu 1492
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 10
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.40 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXX
ppp chap password 0 XXXXXX
ppp pap sent-username XXXXXXXXXXXXXXX
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip nat inside source static udp 192.168.1.250 50000 interface Dialer1 50000
ip nat inside source list 110 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 50
ip route 192.168.3.0 255.255.255.0 172.16.0.2 20
!
access-list 100 permit ip any any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 remark NAT configuration
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
login
length 0
transport input all
!
end


R1 CONFIGURATION
ip name-server 62.24.134.1
ip name-server 62.24.243.2
ip cef
no ipv6 cef
!
license udi pid CISCO887VA-K9 sn FCZ1619C1FA
!
controller VDSL 0
firmware filename flash:vdsl.bin-A2pv6C035d_d23j
!
interface Tunnel1
ip address 172.16.0.2 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 200.200.22.237
tunnel destination 100.100.152.14
!
interface Ethernet0
no ip address
ip nat inside
ip virtual-reassembly in
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 10
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.3.40 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname XXXXXXXXXXXXXXXXXXX
ppp chap password 0 XXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXXXXXXXX
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 110 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 50
ip route 192.168.1.0 255.255.255.0 172.16.0.1 20
!
access-list 100 permit ip any any
access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
end


The configurations are very similar so it is driving me crazy that there is a problem in only one direction.

I am a novice at this. I hope someone can help.
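Added example (not part of the original post): the statement that the two configurations are very similar can be checked mechanically by replacing each site-specific address with its role and listing the lines that have no counterpart at the other end. The excerpts are copied from the post; R2 is taken to be the second configuration (Vlan10 192.168.3.40), and the role names and the choice of excerpted lines are assumptions of this example.

```python
import re

# Excerpts copied from the two configurations in the post above:
# Tunnel1, NAT, static-route and access-list 110 lines only.
R1 = """
ip address 172.16.0.1 255.255.255.0
tunnel source 100.100.152.14
tunnel destination 200.200.22.237
ip nat inside source static udp 192.168.1.250 50000 interface Dialer1 50000
ip nat inside source list 110 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 50
ip route 192.168.3.0 255.255.255.0 172.16.0.2 20
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
"""
R2 = """
ip address 172.16.0.2 255.255.255.0
tunnel source 200.200.22.237
tunnel destination 100.100.152.14
ip nat inside source list 110 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 50
ip route 192.168.1.0 255.255.255.0 172.16.0.1 20
access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
"""
# Role played by each literal at each end (role names are this example's own).
ROLES_R1 = {"192.168.1.": "LAN.", "192.168.3.": "PEER_LAN.", "172.16.0.1": "TUN",
            "172.16.0.2": "PEER_TUN", "100.100.152.14": "WAN", "200.200.22.237": "PEER_WAN"}
ROLES_R2 = {"192.168.3.": "LAN.", "192.168.1.": "PEER_LAN.", "172.16.0.2": "TUN",
            "172.16.0.1": "PEER_TUN", "200.200.22.237": "WAN", "100.100.152.14": "PEER_WAN"}

def normalise(config, roles):
    """Rewrite site-specific addresses as role names so mirrored lines compare equal."""
    out = []
    for line in config.strip().splitlines():
        for literal, role in roles.items():
            # Prefix literals end in "."; full addresses must not run into more digits.
            tail = "" if literal.endswith(".") else r"(?![\d.])"
            line = re.sub(r"(?<![\d.])" + re.escape(literal) + tail, role, line)
        out.append(line)
    return out

def one_sided(r1, r2):
    """Return (lines only on R1, lines only on R2) after normalisation."""
    a, b = normalise(r1, ROLES_R1), normalise(r2, ROLES_R2)
    return [l for l in a if l not in b], [l for l in b if l not in a]

if __name__ == "__main__":
    for side, lines in zip(("R1", "R2"), one_sided(R1, R2)):
        for l in lines:
            print(f"{side} only: {l}")
```

Every line not printed mirrors exactly between the two ends, so the tunnel endpoints, tunnel addressing and static routes in these excerpts are symmetric.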
 
Run a Wireshark capture on the laptop to see if traffic is getting to it. You say that R2 can ping the laptop, but I would be interested to see if there is a software firewall enabled on the laptop that permits ICMP on the local segment but blocks everything else.

 
I have come across Windows desktops in an enterprise environment that accepted pings from their local subnet but blocked them from off-subnet. I can't remember what setting was responsible for it. It was only my problem for as long as it was a "network problem".
 