PR55687 was fixed a long time ago, unless your running ancient code you should be fine. It was fixed in 7.3 and later codes.
On Sat, Jul 11, 2009 at 5:22 PM, raymondh (NSP) <[email protected]>wrote: > Hi Simon, > > Based on your config, I assumed you do have an AS / MS PIC (only the AS or > MS PIC supports key). Without those PIC(s) you'll most probably receive > "/kernel: gre doesn't support key option" hence you'll need to remove the > key option. > > what's your junos version and verify the output of show log messages (most > probably you'll get most of your answers from there before enabling any > flags in traceoptions). > > Out of curiosity, do you have any CoS on the GRE interface on your M20. (If > no, then you're fine but if yes, do take a look at PR55687 - For your info.) > > > --raymondh > > > on your ios based equipment > > On Jul 11, 2009, at 9:05 PM, [email protected] wrote: > > You know each packet entering the tunnel is encapsulated wtih gre key >> value. each packet exiting the tunnel is verified by the gre tunnel key >> value and de-encapsulated. the AS pic drops packets tht don't match the >> configured key value. >> >> Since GRE doesn't provide encryption. This is like a simple clear-text >> password with no encryption. You can enable debug on Cisco box and see if >> you can catch the key; do the same thing on Juniper box (traceoption is >> your friend there) >> >> Regards, >> Masood >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of simon teh >> Sent: Saturday, July 11, 2009 10:55 AM >> To: juniper-nsp >> Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206) >> >> Hi all, >> >> I have a question over here and have tried to find out the answer from >> the forum thread, but failed to get the answer. >> Did anyone experience this type of problem before: >> >> Juniper(M20) ----------------GRE tunnel-----------------------Cisco(7206) >> >> Juniper Configuration >> >>> show configuration interfaces gr-0/1/0 >>> >> unit 0 { >> tunnel { >> source 219.93.2.1; >> destination 219.93.2.2; >> key 123456; >> } >> family inet { >> mtu 1514; >> address 192.168.1.1/30; >> } >> } >> >> Cisco Configuration >> interface Tunnel0 >> ip address 192.168.1.2 255.255.255.252 >> no ip unreachables >> no ip proxy-arp >> ip mtu 1514 >> tunnel source 219.93.2.2 >> tunnel destination 219.93.2.1 >> tunnel key 123456 >> >> The problem I had was if I configured both router WITHOUT the tunnel >> key, everything looks FINE. However once I include the tunnel key, >> then both tunnel UNABLE to ping (interface still up, up). Does anyone >> has any idea about the tunnel key between Juniper and Cisco. I am >> confident that other configuration is good, it is the problem with the >> key. >> Any suggestion? >> >> Thank you very much. >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> >> >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ > juniper-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Steven Brenchley ------------------------------------- There are 10 types of people in the world those who understand binary and those who don't. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
