I would think security point of view...there would be better solutions...however...this is just a lab scenario. Thanks so much for your help though. I see the problem now and changed the static route to point to tunnel destination.
Thanks! Dain ""Zsombor Papp"" wrote in message news:[EMAIL PROTECTED] > r1 (bb2) learns the route to the destination of the GRE tunnel, 150.50.22.2, > via that same GRE tunnel. Add a static route like this to r1's configuration: > > ip route 150.50.22.2 255.255.255.255 Ethernet0 > > As a side note, is this (GRE tunnel through the PIX) a good design from the > security point of view? > > Thanks, > > Zsombor > > Dain Deutschman wrote: > > > > Hi all, > > > > I'm getting a "recursive routing" error when trying to tunnel > > with gre. > > > > r1-----pix-----r2 > > > > The error follows along with my configs and route tables. > > > > Thanks! > > > > > > 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface > > Tunnel0, changed > > state > > to down > > bb2# > > 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface > > Tunnel0, changed > > state > > to up > > 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to > > recursive > > routin > > g > > 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface > > Tunnel0, changed > > state > > to down > > 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface > > Tunnel0, changed > > state > > to up > > 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to > > recursive > > routin > > g > > > > bb2#wr t > > Building configuration... > > > > Current configuration : 913 bytes > > ! > > version 12.1 > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname bb2 > > ! > > ! > > ! > > ! > > ! > > ! > > ip subnet-zero > > ip domain-name hellocomputers.com > > ip name-server 4.1.1.1 > > ! > > ! > > ! > > ! > > ! > > ! > > interface Loopback0 > > ip address 112.112.112.112 255.255.255.0 > > ! > > interface Tunnel0 > > ip address 172.16.22.112 255.255.255.0 > > tunnel source 10.10.112.112 > > tunnel destination 150.50.22.2 > > ! > > interface Ethernet0 > > ip address 10.10.112.112 255.255.255.0 > > ! > > interface Serial0 > > no ip address > > shutdown > > no fair-queue > > ! > > interface Serial1 > > no ip address > > shutdown > > ! > > interface BRI0 > > no ip address > > shutdown > > isdn x25 static-tei 0 > > ! > > router eigrp 100 > > network 172.16.0.0 > > no auto-summary > > no eigrp log-neighbor-changes > > ! > > ip classless > > ip route 0.0.0.0 0.0.0.0 10.10.112.12 > > ip route 172.16.22.2 255.255.255.255 Ethernet0 > > ip http server > > ! > > ! > > alias exec c config t > > ! > > line con 0 > > line aux 0 > > line vty 0 4 > > login > > ! > > end > > > > bb2# > > > > r2#wr t > > Building configuration... > > > > Current configuration : 2557 bytes > > ! > > version 12.2 > > service timestamps debug uptime > > service timestamps log uptime > > service password-encryption > > ! > > hostname r2 > > ! > > logging buffered 4096 debugging > > ! > > username all > > memory-size iomem 10 > > ip subnet-zero > > ! > > ! > > ip domain name hellocomputers.com > > ip name-server 4.1.1.1 > > ! > > ip audit notify log > > ip audit po max-events 100 > > ! > > ! > > ! > > key chain keyr2 > > key 1 > > key-string 7 151A0E000825 > > ! > > voice call carrier capacity active > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > mta receive maximum-recipients 0 > > ! > > ! > > ! > > ! > > interface Loopback0 > > ip address 22.22.22.22 255.255.255.0 > > ! > > interface Tunnel0 > > ip address 172.16.22.2 255.255.255.0 > > tunnel source 150.50.22.2 > > tunnel destination 150.50.22.112 > > ! > > interface FastEthernet0/0 > > ip address 150.50.22.2 255.255.255.0 > > ip rip authentication mode md5 > > ip rip authentication key-chain keyr2 > > duplex auto > > speed auto > > ! > > interface Serial0/0 > > no ip address > > encapsulation frame-relay > > frame-relay lmi-type ansi > > ! > > interface Serial0/0.21 point-to-point > > ip address 150.50.12.2 255.255.255.0 > > ip ospf authentication message-digest > > ip ospf message-digest-key 1 md5 7 04530E0A032E > > ip ospf network point-to-point > > frame-relay interface-dlci 121 > > ! > > interface Serial0/0.23 point-to-point > > ip address 150.50.23.2 255.255.255.0 > > ip ospf authentication message-digest > > ip ospf message-digest-key 1 md5 7 130D121E0703 > > frame-relay interface-dlci 123 > > ! > > interface Serial0/0.24 point-to-point > > ip address 150.50.24.2 255.255.255.0 > > ip ospf authentication message-digest > > ip ospf message-digest-key 1 md5 7 011B03085704 > > frame-relay interface-dlci 124 > > ! > > interface FastEthernet0/1 > > no ip address > > shutdown > > duplex auto > > speed auto > > ! > > interface Serial0/1 > > no ip address > > shutdown > > ! > > router eigrp 100 > > network 150.50.0.0 > > network 172.16.0.0 > > no auto-summary > > no eigrp log-neighbor-changes > > ! > > router ospf 100 > > router-id 22.22.22.22 > > log-adjacency-changes > > area 1 virtual-link 11.11.11.11 > > network 22.22.22.0 0.0.0.255 area 1 > > network 150.50.12.0 0.0.0.255 area 1 > > network 150.50.23.0 0.0.0.255 area 2 > > network 150.50.24.0 0.0.0.255 area 1 > > ! > > router rip > > version 2 > > passive-interface Serial0/0.21 > > passive-interface Serial0/0.23 > > passive-interface Serial0/0.24 > > network 150.50.0.0 > > neighbor 150.50.22.12 > > no auto-summary > > ! > > ip classless > > ip route 172.16.22.112 255.255.255.255 FastEthernet0/0 > > ip http server > > ip pim bidir-enable > > ! > > ! > > access-list 2 permit 112.112.112.112 > > access-list 2 permit 150.50.22.2 > > ! > > call rsvp-sync > > ! > > voice-port 1/0/0 > > ! > > voice-port 1/0/1 > > ! > > ! > > mgcp profile default > > ! > > dial-peer cor custom > > ! > > ! > > ! > > ! > > alias exec c config t > > ! > > line con 0 > > line aux 0 > > line vty 0 4 > > login > > ! > > ! > > end > > > > r2#sh ip route > > > > Gateway of last resort is 150.50.22.12 to network 0.0.0.0 > > > > 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks > > C 172.16.22.0/24 is directly connected, Tunnel0 > > S 172.16.22.112/32 is directly connected, FastEthernet0/0 > > 22.0.0.0/24 is subnetted, 1 subnets > > C 22.22.22.0 is directly connected, Loopback0 > > 150.50.0.0/24 is subnetted, 1 subnets > > C 150.50.22.0 is directly connected, FastEthernet0/0 > > R* 0.0.0.0/0 [120/1] via 150.50.22.12, 00:00:03, > > FastEthernet0/0 > > r2# > > r2# > > ts12>9 > > [Resuming connection 9 to bb2 ... ] > > > > 00:5 > > bb2#sh ip route > > > > > > Gateway of last resort is 10.10.112.12 to network 0.0.0.0 > > > > 172.16.0.0/32 is subnetted, 1 subnets > > S 172.16.22.2 is directly connected, Ethernet0 > > 112.0.0.0/24 is subnetted, 1 subnets > > C 112.112.112.0 is directly connected, Loopback0 > > 10.0.0.0/24 is subnetted, 1 subnets > > C 10.10.112.0 is directly connected, Ethernet0 > > S* 0.0.0.0/0 [1/0] via 10.10.112.12 > > bb2# > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74086&t=74035 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html