[HECnet] Cisco tunnels: update my IP
Cory Smelosky
b4 at gewt.net
Wed Jun 22 22:47:40 PDT 2016
Found the actual problem!
IPSec VTI VPNs means I can't do source-based NAT/firewall rules to redirect GRE from the DECnet tunnel IPs to a separate box as is currently configured.
I had to ask the vendor and community for help on this ;)
Dang vyos!
Sent from my iPhone
> On Jun 22, 2016, at 21:09, Cory Smelosky <b4 at gewt.net> wrote:
>
>> On Thu, 23 Jun 2016, Tim Sneddon wrote:
>>
>>
>> Hi Cory,
>>
>> I've updated my tunnel configuration, but I'm not getting any traffic from your end. I can ping you though.
>>
>
> Found part of the problem. ;)
>
> mercedes-sj(config)#ip route 0.0.0.0 0.0.0.0 10.12.0.1
>
> Forgot to add that, along with enabling IP routing and setting DECnet on fa0/0.
>
> rule 30 {
> action accept
> destination {
> address 10.12.0.6
> }
> log disable
> protocol gre
> }
>
> also pretty sure that's not the EdgeOS way to forward GRE...;)
>
>> Regards, Tim.
>>
>
> --
> Cory Smelosky
> http://gewt.net Personal stuff
> http://gimme-sympathy.org Projects
More information about the Hecnet-list
mailing list