Hi Tony,

My tunnel hasn't come up even today. Did you have to call JTL to do something for yours to come up? It's weird that I can ping the souce/destination IPs assigned to the tunnels from both ends but the tunnel traffic is dead.
Weirdly too, on one side when I do 'sh int tunnel XX' I see:

C2811-Telecity#sh interfaces tunnel 49
Tunnel49 is up, line protocol is up


While on the other end:

C1811-TitanAir#sh interfaces tunnel49
Tunnel49 is up, line protocol is down




On 19 October 2015 at 12:37, Tony Gacheru <tonygacheru@gmail.com> wrote:

Noticed this too on several tunnels since Friday afternoon.  Provider must have been filtering GRE traffic. All my cases are on safcom though they are piggy riding on JTL for last mile.

 

From: Odhiambo Washington via skunkworks [mailto:skunkworks@lists.my.co.ke]
Sent: Saturday, October 17, 2015 11:59 AM
To: Skunkworks Mailing List
Subject: [Skunkworks] Weird VPN problem between Cisco Routers

 

Woken up to a weird problem and it's driving me nuts.. This has been working until today. NO changes at all have been made in several months.

 

The tunnel has refused to come up for some strange reason. I have even rebooted the routers. One had been up for 1.5 years, even...

 

 

Router1:

 

 

C2811-Telecity#sh interfaces tunnel 49

Tunnel49 is up, line protocol is down <===================

  Hardware is Tunnel

  Description: TitanAir JTL

  Internet address is 192.168.55.82/30

  MTU 1514 bytes, BW 512 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive set (5 sec), retries 10

  Tunnel source 85.90.242.30, destination 197.232.31.83

  Tunnel protocol/transport GRE/IP

    Key 0x8XXXXXXX, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 00:00:00, output 00:00:04, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo (QOS pre-classification)

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     30 packets input, 1680 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     31 packets output, 1808 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

 

C2811-Telecity#ping 197.232.31.83 so 85.90.242.30

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 197.232.31.83, timeout is 2 seconds:

Packet sent with a source address of 85.90.242.30

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 188/188/188 ms

 

C2811-Telecity#sh running-config interface tunnel 49

Building configuration...

 

Current configuration : 312 bytes

!

interface Tunnel49

 description TitanAir JTL

 bandwidth 512

 ip address 192.168.55.82 255.255.255.252

 ip access-group Kenya in

 ip mtu 1300

 ip route-cache flow

 ip tcp adjust-mss 1200

 qos pre-classify

 keepalive 5 2

 tunnel source 85.90.242.30

 tunnel destination 197.232.31.83

 tunnel key XXXXXXXXXXX

end

 

Router 2:

 

C1811-TitanAir#sh interfaces tunnel 49

Tunnel49 is up, line protocol is down

  Hardware is Tunnel

  Description: Inet to TCRB

  Internet address is 192.168.55.81/30

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive set (5 sec), retries 10

  Tunnel source 197.232.31.83, destination 85.90.242.30

  Tunnel protocol/transport GRE/IP

    Key 0x8XXXXXXX, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input never, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo (QOS pre-classification)

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     207 packets output, 12306 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

 

C1811-TitanAir#ping 85.90.242.30 source 197.232.31.83

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 85.90.242.30, timeout is 2 seconds:

Packet sent with a source address of 197.232.31.83

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 188/188/188 ms

 

C1811-TitanAir#sh running-config interface tunnel 49

Building configuration...

 

Current configuration : 300 bytes

!

interface Tunnel49

 description Inet to TCRB

 ip address 192.168.55.81 255.255.255.252

 ip access-group netbios out

 ip mtu 1300

 ip route-cache flow

 ip tcp adjust-mss 1200

 qos pre-classify

 keepalive 5 2

 tunnel source 197.232.31.83

 tunnel destination 85.90.242.30

 tunnel key XXXXXXXXXXXXXXX

end

 

 

 

 

 

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."