This Cisco link covers the GRE tunnel and how a keepalive works. I have a GRE over IPSec VPN configured between Singapore and London. The GRE tunnel only comes up when I perform a ping, so I configured the GRE tunnel keepalive so that it always stays up. The default keepalive is a 10-second interval with 3 retries.
SIN#show run interface Tunnel40
Building configuration...
Current configuration : 314 bytes
!
interface Tunnel40
ip address 10.16.2.194 255.255.255.252
ip mtu 1400
tunnel source 192.168.1.18
tunnel destination 192.168.1.146
end
SIN#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SIN(config)#interface Tunnel40
SIN(config-if)#keepalive ?
<0-32767> Keepalive period (default 10 seconds)
<cr> <cr>
SIN(config-if)#keepalive
SIN(config-if)#end
SIN#write memory
Building configuration...
[OK]
SIN#show run interface Tunnel40
Building configuration...
Current configuration : 330 bytes
!
interface Tunnel40
ip address 10.106.192.194 255.255.255.252
ip mtu 1400
keepalive 10 3
tunnel source 192.168.1.18
tunnel destination 192.168.1.146
end
LON#show run interface Tunnel40
Building configuration...
Current configuration : 322 bytes
!
interface Tunnel40
ip address 10.16.2.193 255.255.255.252
ip mtu 1400
tunnel source 192.168.1.146
tunnel destination 192.168.1.18
end
LON#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LON(config)#interface Tunnel40
LON(config-if)#keepalive
LON(config-if)#end
LON#write memory
Building configuration...
[OK]
LON#show run interface Tunnel40
Building configuration...
Current configuration : 338 bytes
!
interface Tunnel40
ip address 10.16.2.193 255.255.255.252
ip mtu 1400
keepalive 10 3 // DEFAULT IS 10 SECOND INTERVAL AND 3 RETRIES
tunnel source 192.168.1.146
tunnel destination 192.168.1.18
end
LON#ping 10.16.2.194
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.16.2.194, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 181/181/181 ms
I've checked that the IPSec VPN was already up on the FortiGate firewall even before I did a ping.
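One way to sanity-check the two ends after a change like this, as an added example that is not part of the original post: a small Python script that parses both `show run interface` outputs and confirms that the tunnel source/destination are mirrored, that both tunnel IPs sit in the same subnet, and that keepalive is present on each side. The sample configs are constructed from the values shown above, the function names are hypothetical, and the "down after" figure is only the rough product of interval and retries.

```python
import ipaddress
import re

# Constructed sample input, modelled on the configs shown in the post.
SIN_CFG = """interface Tunnel40
 ip address 10.16.2.194 255.255.255.252
 ip mtu 1400
 keepalive 10 3
 tunnel source 192.168.1.18
 tunnel destination 192.168.1.146
end"""
LON_CFG = """interface Tunnel40
 ip address 10.16.2.193 255.255.255.252
 ip mtu 1400
 keepalive 10 3
 tunnel source 192.168.1.146
 tunnel destination 192.168.1.18
end"""

def parse_tunnel(cfg):
    """Extract tunnel-relevant fields from 'show run interface' text."""
    out = {"ip": None, "source": None, "destination": None, "keepalive": None}
    for line in cfg.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            out["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"tunnel (source|destination) (\S+)", line):
            out[m[1]] = m[2]
        elif m := re.fullmatch(r"keepalive(?: (\d+))?(?: (\d+))?", line):
            # A bare "keepalive" means the defaults: 10 seconds, 3 retries.
            out["keepalive"] = (int(m[1] or 10), int(m[2] or 3))
    return out

def check_pair(a, b):
    """Return a list of mismatches between two tunnel endpoints."""
    problems = []
    if a["source"] != b["destination"] or a["destination"] != b["source"]:
        problems.append("tunnel source/destination are not mirrored")
    if a["ip"] is None or b["ip"] is None:
        problems.append("tunnel IP address missing on one end")
    elif a["ip"].network != b["ip"].network:
        problems.append(f"tunnel IPs in different subnets: {a['ip']} vs {b['ip']}")
    for name, end in (("first", a), ("second", b)):
        if end["keepalive"] is None:
            problems.append(f"{name} end has no keepalive configured")
    return problems

def down_after(end):
    """Rough seconds of missed keepalives before the tunnel is marked down."""
    period, retries = end["keepalive"]
    return period * retries

if __name__ == "__main__":
    sin, lon = parse_tunnel(SIN_CFG), parse_tunnel(LON_CFG)
    print(check_pair(sin, lon) or "OK", f"(down after ~{down_after(sin)}s)")
```
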