r1 (bb2) learns the route to the destination of the GRE tunnel, 150.50.22.2, via that same GRE tunnel. Add a static route like this to r1's configuration:
ip route 150.50.22.2 255.255.255.255 Ethernet0 As a side note, is this (GRE tunnel through the PIX) a good design from the security point of view? Thanks, Zsombor Dain Deutschman wrote: > > Hi all, > > I'm getting a "recursive routing" error when trying to tunnel > with gre. > > r1-----pix-----r2 > > The error follows along with my configs and route tables. > > Thanks! > > > 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface > Tunnel0, changed > state > to down > bb2# > 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface > Tunnel0, changed > state > to up > 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to > recursive > routin > g > 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface > Tunnel0, changed > state > to down > 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface > Tunnel0, changed > state > to up > 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to > recursive > routin > g > > bb2#wr t > Building configuration... > > Current configuration : 913 bytes > ! > version 12.1 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname bb2 > ! > ! > ! > ! > ! > ! > ip subnet-zero > ip domain-name hellocomputers.com > ip name-server 4.1.1.1 > ! > ! > ! > ! > ! > ! > interface Loopback0 > ip address 112.112.112.112 255.255.255.0 > ! > interface Tunnel0 > ip address 172.16.22.112 255.255.255.0 > tunnel source 10.10.112.112 > tunnel destination 150.50.22.2 > ! > interface Ethernet0 > ip address 10.10.112.112 255.255.255.0 > ! > interface Serial0 > no ip address > shutdown > no fair-queue > ! > interface Serial1 > no ip address > shutdown > ! > interface BRI0 > no ip address > shutdown > isdn x25 static-tei 0 > ! > router eigrp 100 > network 172.16.0.0 > no auto-summary > no eigrp log-neighbor-changes > ! > ip classless > ip route 0.0.0.0 0.0.0.0 10.10.112.12 > ip route 172.16.22.2 255.255.255.255 Ethernet0 > ip http server > ! > ! > alias exec c config t > ! > line con 0 > line aux 0 > line vty 0 4 > login > ! > end > > bb2# > > r2#wr t > Building configuration... > > Current configuration : 2557 bytes > ! > version 12.2 > service timestamps debug uptime > service timestamps log uptime > service password-encryption > ! > hostname r2 > ! > logging buffered 4096 debugging > ! > username all > memory-size iomem 10 > ip subnet-zero > ! > ! > ip domain name hellocomputers.com > ip name-server 4.1.1.1 > ! > ip audit notify log > ip audit po max-events 100 > ! > ! > ! > key chain keyr2 > key 1 > key-string 7 151A0E000825 > ! > voice call carrier capacity active > ! > ! > ! > ! > ! > ! > ! > ! > ! > mta receive maximum-recipients 0 > ! > ! > ! > ! > interface Loopback0 > ip address 22.22.22.22 255.255.255.0 > ! > interface Tunnel0 > ip address 172.16.22.2 255.255.255.0 > tunnel source 150.50.22.2 > tunnel destination 150.50.22.112 > ! > interface FastEthernet0/0 > ip address 150.50.22.2 255.255.255.0 > ip rip authentication mode md5 > ip rip authentication key-chain keyr2 > duplex auto > speed auto > ! > interface Serial0/0 > no ip address > encapsulation frame-relay > frame-relay lmi-type ansi > ! > interface Serial0/0.21 point-to-point > ip address 150.50.12.2 255.255.255.0 > ip ospf authentication message-digest > ip ospf message-digest-key 1 md5 7 04530E0A032E > ip ospf network point-to-point > frame-relay interface-dlci 121 > ! > interface Serial0/0.23 point-to-point > ip address 150.50.23.2 255.255.255.0 > ip ospf authentication message-digest > ip ospf message-digest-key 1 md5 7 130D121E0703 > frame-relay interface-dlci 123 > ! > interface Serial0/0.24 point-to-point > ip address 150.50.24.2 255.255.255.0 > ip ospf authentication message-digest > ip ospf message-digest-key 1 md5 7 011B03085704 > frame-relay interface-dlci 124 > ! > interface FastEthernet0/1 > no ip address > shutdown > duplex auto > speed auto > ! > interface Serial0/1 > no ip address > shutdown > ! > router eigrp 100 > network 150.50.0.0 > network 172.16.0.0 > no auto-summary > no eigrp log-neighbor-changes > ! > router ospf 100 > router-id 22.22.22.22 > log-adjacency-changes > area 1 virtual-link 11.11.11.11 > network 22.22.22.0 0.0.0.255 area 1 > network 150.50.12.0 0.0.0.255 area 1 > network 150.50.23.0 0.0.0.255 area 2 > network 150.50.24.0 0.0.0.255 area 1 > ! > router rip > version 2 > passive-interface Serial0/0.21 > passive-interface Serial0/0.23 > passive-interface Serial0/0.24 > network 150.50.0.0 > neighbor 150.50.22.12 > no auto-summary > ! > ip classless > ip route 172.16.22.112 255.255.255.255 FastEthernet0/0 > ip http server > ip pim bidir-enable > ! > ! > access-list 2 permit 112.112.112.112 > access-list 2 permit 150.50.22.2 > ! > call rsvp-sync > ! > voice-port 1/0/0 > ! > voice-port 1/0/1 > ! > ! > mgcp profile default > ! > dial-peer cor custom > ! > ! > ! > ! > alias exec c config t > ! > line con 0 > line aux 0 > line vty 0 4 > login > ! > ! > end > > r2#sh ip route > > Gateway of last resort is 150.50.22.12 to network 0.0.0.0 > > 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks > C 172.16.22.0/24 is directly connected, Tunnel0 > S 172.16.22.112/32 is directly connected, FastEthernet0/0 > 22.0.0.0/24 is subnetted, 1 subnets > C 22.22.22.0 is directly connected, Loopback0 > 150.50.0.0/24 is subnetted, 1 subnets > C 150.50.22.0 is directly connected, FastEthernet0/0 > R* 0.0.0.0/0 [120/1] via 150.50.22.12, 00:00:03, > FastEthernet0/0 > r2# > r2# > ts12>9 > [Resuming connection 9 to bb2 ... ] > > 00:5 > bb2#sh ip route > > > Gateway of last resort is 10.10.112.12 to network 0.0.0.0 > > 172.16.0.0/32 is subnetted, 1 subnets > S 172.16.22.2 is directly connected, Ethernet0 > 112.0.0.0/24 is subnetted, 1 subnets > C 112.112.112.0 is directly connected, Loopback0 > 10.0.0.0/24 is subnetted, 1 subnets > C 10.10.112.0 is directly connected, Ethernet0 > S* 0.0.0.0/0 [1/0] via 10.10.112.12 > bb2# > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74044&t=74035 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
