Hi Simon,
Based on your config, I assumed you do have an AS / MS PIC (only the
AS or MS PIC supports key). Without those PIC(s) you'll most probably
receive "/kernel: gre doesn't support key option" hence you'll need to
remove the key option.
what's your junos version and verify the output of show log messages
(most probably you'll get most of your answers from there before
enabling any flags in traceoptions).
Out of curiosity, do you have any CoS on the GRE interface on your
M20. (If no, then you're fine but if yes, do take a look at PR55687 -
For your info.)
--raymondh
on your ios based equipment
On Jul 11, 2009, at 9:05 PM, [email protected] wrote:
You know each packet entering the tunnel is encapsulated wtih gre key
value. each packet exiting the tunnel is verified by the gre tunnel
key
value and de-encapsulated. the AS pic drops packets tht don't match
the
configured key value.
Since GRE doesn't provide encryption. This is like a simple clear-text
password with no encryption. You can enable debug on Cisco box and
see if
you can catch the key; do the same thing on Juniper box (traceoption
is
your friend there)
Regards,
Masood
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of simon teh
Sent: Saturday, July 11, 2009 10:55 AM
To: juniper-nsp
Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)
Hi all,
I have a question over here and have tried to find out the answer from
the forum thread, but failed to get the answer.
Did anyone experience this type of problem before:
Juniper(M20) ----------------GRE tunnel-----------------------
Cisco(7206)
Juniper Configuration
show configuration interfaces gr-0/1/0
unit 0 {
tunnel {
source 219.93.2.1;
destination 219.93.2.2;
key 123456;
}
family inet {
mtu 1514;
address 192.168.1.1/30;
}
}
Cisco Configuration
interface Tunnel0
ip address 192.168.1.2 255.255.255.252
no ip unreachables
no ip proxy-arp
ip mtu 1514
tunnel source 219.93.2.2
tunnel destination 219.93.2.1
tunnel key 123456
The problem I had was if I configured both router WITHOUT the tunnel
key, everything looks FINE. However once I include the tunnel key,
then both tunnel UNABLE to ping (interface still up, up). Does anyone
has any idea about the tunnel key between Juniper and Cisco. I am
confident that other configuration is good, it is the problem with the
key.
Any suggestion?
Thank you very much.
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
