AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
In the GRE over IPSec scenario, if the status of the GRE tunnel changes from Up to Down and then to Up again, voice traffic is still not transmitted through the GRE tunnel

This section provides a troubleshooting case for the following fault: An AR is configured with GRE over IPSec. When the GRE tunnel is Up, voice traffic is transmitted through the GRE tunnel. When the GRE tunnel goes Down, voice traffic is transmitted through NAT to the remote device. However, when the GRE tunnel goes Up again, voice traffic is still transmitted through NAT.

Networking

Figure 25-29  Establishing a GRE over IPSec tunnel between the headquarters and branch

Configurations of router A:

#
ipsec proposal tran1
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-128
#
ike proposal 5
 encryption-algorithm aes-128
 dh group14
 authentication-algorithm sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
#
ike peer spub
 pre-shared-key cipher %^%#JvZxR2g8c;a9~FPN~n'$7`DEV&=G(=Et02P/%\*!%^%#
 ike-proposal 5
#
ipsec profile profile1
 ike-peer spub
 proposal tran1
#
interface Tunnel0/0/0
 ip address 192.168.1.1 255.255.255.0
 tunnel-protocol gre
 source 202.138.163.1
 destination 202.138.162.1
 ipsec profile profile1
#
interface GigabitEthernet1/0/0
 ip address 202.138.163.1 255.255.255.0
 nat outbound 2999
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.1 255.255.255.0
#
ip route-static 10.1.2.0 255.255.255.0 192.168.1.2
ip route-static 0.0.0.0 0.0.0.0 202.138.163.2
#
return

Fault Description

Router A is configured with GRE over IPSec. When the GRE tunnel is Up, voice traffic is transmitted through the GRE tunnel. When the GRE tunnel goes Down, voice traffic is transmitted through NAT to the remote device. However, when the GRE tunnel goes Up again, voice traffic is still transmitted through NAT.

Fault Analysis

  1. The fact that voice traffic is transmitted through the GRE tunnel to the remote device when the tunnel is Up indicates that the route between the two devices is reachable.
  2. The fact that voice traffic is transmitted through NAT to the remote device when the GRE tunnel goes Down indicates that the path switchover function is available.
  3. When the status of the GRE tunnel changes from Down to Up, the NAT mapping table is still active and has a higher priority than the routing table. Therefore, voice traffic is still transmitted through NAT to the remote device.
  4. Run the reset nat session command to delete the NAT mapping tables. After the command is executed, the current sessions are reset and voice traffic is transmitted through the GRE tunnel again, which rectifies the fault.

Procedure

Delete all NAT mapping tables of router A.

<Router A> system-view 
[Router A] reset nat session all 
Warning:The current all NAT sessions will be deleted.   
Are you sure to continue?[Y/N]Y

Conclusions and Suggestions

In the GRE over IPSec scenario, the NAT mapping table has a higher priority than the routing table. Therefore, after the status of the GRE tunnel changes from Down to Up, voice traffic is still transmitted through NAT to the remote device. After you reset the NAT mapping table, traffic queries the routing table as before and passes through the GRE tunnel again.
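The lookup order described above, replayed as a small model. This is an added example, not Huawei VRP code or part of the original guide; the class and function names and the sample voice flow are assumptions, and the branch subnet is taken as 10.1.2.0/24 from router A's static route. It also lists the sessions that are still pinned to NAT after the tunnel recovers, which are the flows leaving outside the IPSec-protected path.

```python
import ipaddress

BRANCH_NET = ipaddress.ip_network("10.1.2.0/24")  # static route target on router A

class RouterModel:
    """Toy model of session-first forwarding; not Huawei VRP code."""

    def __init__(self):
        self.tunnel_up = True
        self.nat_sessions = {}  # flow tuple -> egress pinned by the NAT session

    def route_lookup(self, dst):
        # The static route via Tunnel0/0/0 is usable only while the tunnel is Up;
        # otherwise the default route via GigabitEthernet1/0/0 (nat outbound) wins.
        if self.tunnel_up and ipaddress.ip_address(dst) in BRANCH_NET:
            return "gre-over-ipsec"
        return "nat"

    def forward(self, flow):
        # An existing NAT session is matched before the routing table is consulted.
        if flow in self.nat_sessions:
            return self.nat_sessions[flow]
        path = self.route_lookup(flow[1])
        if path == "nat":
            self.nat_sessions[flow] = "nat"  # first NATed packet creates the session
        return path

    def stale_sessions(self):
        # Sessions still pinned to NAT although routing now prefers the tunnel,
        # i.e. flows leaving outside the IPSec-protected path.
        return [f for f in self.nat_sessions if self.route_lookup(f[1]) != "nat"]

    def reset_nat_session_all(self):
        self.nat_sessions.clear()

def replay_fault():
    r = RouterModel()
    voice = ("10.1.1.10", "10.1.2.20", "udp", 5060, 5060)  # constructed flow
    trace = [r.forward(voice)]          # tunnel Up
    r.tunnel_up = False
    trace.append(r.forward(voice))      # tunnel Down: falls back to NAT
    r.tunnel_up = True
    trace.append(r.forward(voice))      # tunnel Up again: session still wins
    stale = r.stale_sessions()
    r.reset_nat_session_all()
    trace.append(r.forward(voice))      # after reset: routed via the tunnel
    return trace, stale, r.stale_sessions()

if __name__ == "__main__":
    print(replay_fault())
```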

Updated: 2019-05-10

Document ID: EDOC1000079719