• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Cannot ping Tunnelbroker server on Cisco 2801

Started by CiscoFanboy, May 09, 2017, 06:07:32 PM

Previous topic - Next topic

CiscoFanboy

Hello everyone,

I am unable to ping the tunnelbroker on my Cisco 2801... my border router, I have tried what was mentioned in the post regarding the Cisco 3845 and I still can't get it to work.

cholzhauer

Well, we're going to need more information to help you out.

CiscoFanboy

#2
I can post my config

SVR-BRDR#sh run
Building configuration...


Current configuration : 8327 bytes
!
! Last configuration change at 16:57:01 UTC Wed May 10 2017 by ...
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SVR-BRDR
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000000
no logging console
enable secret 4 ...
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip name-server 10.0.30.2
ip multicast-routing
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
voice service voip
ip address trusted list
  ipv4 10.0.30.3
  ipv4 10.0.30.4
  ipv4 54.172.60.0 255.255.254.0
  ipv4 54.244.51.0 255.255.255.0
  ipv4 54.171.127.192 255.255.255.192
  ipv4 54.65.63.192 255.255.255.192
  ipv4 54.169.127.128 255.255.255.192
  ipv4 54.252.254.64 255.255.255.192
  ipv4 177.71.206.192 255.255.255.192
allow-connections sip to sip
!
!
!
!
voice translation-rule 1
rule 1 /[2-9]..[2-9]....../ /+1\0/
rule 2 /.../ /+.../
rule 3 /.../ /+.../
rule 4 /.../ /+.../
!
voice translation-rule 2
rule 1 /\+.../ /.../
rule 2 /\+.../ /.../
rule 4 /\+.../ /.../
!
!
voice translation-profile incoming_twilio
translate called 2
!
voice translation-profile twilio
translate calling 1
translate called 1
!
!
voice-card 0
!
!
application
service caller flash:callername.tcl
  param display_name1 "..."
  param clid_prefix0 ...
  param display_name0 "..."
!
session
  start flash:callername.tcl caller
!
!
!
!
!
!
license udi pid ... sn ...
username ... privilege 15 secret 4 ...
!
redundancy
!
!
!
crypto keyring keyring-vpn-7fc4dc6d-1
  local-address 65.160.208.69
  pre-shared-key address 52.88.53.53 key ...
crypto keyring keyring-vpn-7fc4dc6d-0
  local-address 65.160.208.69
  pre-shared-key address 52.36.226.161 key ...
!
crypto isakmp policy 200
encr aes
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 201
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 10 10
crypto isakmp profile isakmp-vpn-7fc4dc6d-0
   keyring keyring-vpn-7fc4dc6d-0
   match identity address 52.36.226.161 255.255.255.255
   local-address 65.160.208.69
crypto isakmp profile isakmp-vpn-7fc4dc6d-1
   keyring keyring-vpn-7fc4dc6d-1
   match identity address 52.88.53.53 255.255.255.255
   local-address 65.160.208.69
!
crypto ipsec security-association replay window-size 128
!
crypto ipsec transform-set ipsec-prop-vpn-7fc4dc6d-0 esp-aes esp-sha-hmac
crypto ipsec transform-set ipsec-prop-vpn-7fc4dc6d-1 esp-aes esp-sha-hmac
crypto ipsec df-bit clear
!
crypto ipsec profile ipsec-vpn-7fc4dc6d-0
set transform-set ipsec-prop-vpn-7fc4dc6d-0
set pfs group2
!
crypto ipsec profile ipsec-vpn-7fc4dc6d-1
set transform-set ipsec-prop-vpn-7fc4dc6d-1
set pfs group2
!
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.0.1 255.255.255.252
tunnel source ATM0/1/0.1
tunnel destination 68.108.24.65
!
interface Tunnel1
ip address 169.254.14.154 255.255.255.252
ip virtual-reassembly in
ip tcp adjust-mss 1379
tunnel source 65.160.208.69
tunnel mode ipsec ipv4
tunnel destination 52.36.226.161
tunnel protection ipsec profile ipsec-vpn-7fc4dc6d-0
!
interface Tunnel2
ip address 169.254.13.90 255.255.255.252
ip virtual-reassembly in
ip tcp adjust-mss 1379
tunnel source 65.160.208.69
tunnel mode ipsec ipv4
tunnel destination 52.88.53.53
tunnel protection ipsec profile ipsec-vpn-7fc4dc6d-1
!
interface Tunnel3
ip address 209.165.131.5 255.255.255.252
tunnel source ATM0/1/0.1
tunnel destination 71.33.246.52
!
interface Tunnel4
no ip address
no ip redirects
ipv6 address dhcp
tunnel source ATM0/1/0.1
tunnel mode ipv6ip 6rd
tunnel 6rd prefix 2602::/24
!
interface FastEthernet0/0
ip address 10.0.1.1 255.255.255.252
ip pim dense-mode
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 123.12.1.1 255.255.255.252
duplex auto
speed auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
ip address dhcp
ip access-group PROTOCOL41 in
ip nat outside
ip virtual-reassembly in
atm route-bridged ip
pvc 8/35
  encapsulation aal5snap
!
!
router ospf 1
network 10.0.1.0 0.0.0.3 area 0
network 172.16.0.0 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
default-information originate
!
router bgp 65000
bgp log-neighbor-changes
neighbor 10.0.1.2 remote-as 65001
neighbor 169.254.13.89 remote-as 7224
neighbor 169.254.13.89 timers 10 30 30
neighbor 169.254.13.117 remote-as 7224
neighbor 169.254.13.117 timers 10 30 30
neighbor 169.254.14.153 remote-as 7224
neighbor 169.254.14.153 timers 10 30 30
neighbor 172.16.0.2 remote-as 65002
neighbor 209.165.131.6 remote-as 65000
!
address-family ipv4
  bgp redistribute-internal
  network 0.0.0.0
  network 10.0.1.0 mask 255.255.255.252
  network 172.16.0.0 mask 255.255.255.252
  neighbor 10.0.1.2 activate
  neighbor 169.254.13.89 activate
  neighbor 169.254.13.89 default-originate
  neighbor 169.254.13.89 soft-reconfiguration inbound
  neighbor 169.254.13.117 activate
  neighbor 169.254.13.117 default-originate
  neighbor 169.254.13.117 soft-reconfiguration inbound
  neighbor 169.254.14.153 activate
  neighbor 169.254.14.153 default-originate
  neighbor 169.254.14.153 soft-reconfiguration inbound
  neighbor 172.16.0.2 activate
  neighbor 209.165.131.6 activate
  neighbor 209.165.131.6 next-hop-self
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NAT interface ATM0/1/0.1 overload
ip nat inside source static tcp 10.0.1.2 443 interface ATM0/1/0.1 443
ip route 192.168.202.0 255.255.255.0 209.168.131.6
!
ip access-list extended NAT
permit ip any any
ip access-list extended PROTOCOL41
permit 41 any any
permit ip any any
permit gre any any
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
dial-peer voice 1 voip
translation-profile outgoing twilio
destination-pattern [2-9]..[2-9]......
session protocol sipv2
session target dns:svr-3cx.pstn.us2.twilio.com
no voice-class sip early-offer forced
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 2 voip
translation-profile incoming incoming_twilio
session protocol sipv2
session target dns:svr-3cx.pstn.us2.twilio.com
incoming called-number .T
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 3 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 4 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 5 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 6 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 7 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 8 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
!
sip-ua
credentials username ... password 7 ... realm voicepulse
authentication username ... password 7 ...
registrar dns:cucm10.sfo.proxy.voicepulse.com expires 3600
sip-server dns:cucm10.sfo.proxy.voicepulse.com
connection-reuse
!
!
!
telephony-service
max-ephones 10
max-dn 10
ip source-address 10.0.1.1 port 2000
max-conferences 4 gain -6
transfer-system full-consult
!
!
ephone-dn  1
number 401
!
!
ephone  1
device-security-mode none
mac-address 0015.FAB8.F4E1
button  1:1
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
login local
transport input all
!
scheduler allocate 20000 1000
end

broquea


CiscoFanboy

I forgot I negated the command... lemme put the tunnel in and repost.

CiscoFanboy

#5
SVR-BRDR#sh run
Building configuration...


Current configuration : 8418 bytes
!
! Last configuration change at 23:10:47 UTC Wed May 10 2017 by ...
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SVR-BRDR
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000000
no logging console
enable secret 4 ...
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip name-server 10.0.30.2
ip multicast-routing
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
voice service voip
ip address trusted list
  ipv4 10.0.30.3
  ipv4 10.0.30.4
  ipv4 54.172.60.0 255.255.254.0
  ipv4 54.244.51.0 255.255.255.0
  ipv4 54.171.127.192 255.255.255.192
  ipv4 54.65.63.192 255.255.255.192
  ipv4 54.169.127.128 255.255.255.192
  ipv4 54.252.254.64 255.255.255.192
  ipv4 177.71.206.192 255.255.255.192
allow-connections sip to sip
!
!
!
!
voice translation-rule 1
rule 1 /[2-9]..[2-9]....../ /+1\0/
rule 2 /.../ /+.../
rule 3 /.../ /+.../
rule 4 /.../ /+.../
!
voice translation-rule 2
rule 1 /\+.../ /.../
rule 2 /\+.../ /.../
rule 4 /\+.../ /.../
!
!
voice translation-profile incoming_twilio
translate called 2
!
voice translation-profile twilio
translate calling 1
translate called 1
!
!
voice-card 0
!
!
application
service caller flash:callername.tcl
  param display_name1 "..."
  param clid_prefix0 ...
  param display_name0 "..."
!
session
  start flash:callername.tcl caller
!
!
!
!
!
!
license udi pid ... sn ...
username ... privilege 15 secret 4 ...
!
redundancy
!
!
!
crypto keyring keyring-vpn-7fc4dc6d-1
  local-address 65.160.208.69
  pre-shared-key address 52.88.53.53 key ...
crypto keyring keyring-vpn-7fc4dc6d-0
  local-address 65.160.208.69
  pre-shared-key address 52.36.226.161 key ...
!
crypto isakmp policy 200
encr aes
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 201
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 10 10
crypto isakmp profile isakmp-vpn-7fc4dc6d-0
   keyring keyring-vpn-7fc4dc6d-0
   match identity address 52.36.226.161 255.255.255.255
   local-address 65.160.208.69
crypto isakmp profile isakmp-vpn-7fc4dc6d-1
   keyring keyring-vpn-7fc4dc6d-1
   match identity address 52.88.53.53 255.255.255.255
   local-address 65.160.208.69
!
crypto ipsec security-association replay window-size 128
!
crypto ipsec transform-set ipsec-prop-vpn-7fc4dc6d-0 esp-aes esp-sha-hmac
crypto ipsec transform-set ipsec-prop-vpn-7fc4dc6d-1 esp-aes esp-sha-hmac
crypto ipsec df-bit clear
!
crypto ipsec profile ipsec-vpn-7fc4dc6d-0
set transform-set ipsec-prop-vpn-7fc4dc6d-0
set pfs group2
!
crypto ipsec profile ipsec-vpn-7fc4dc6d-1
set transform-set ipsec-prop-vpn-7fc4dc6d-1
set pfs group2
!
!
!
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:C:11BD::2/64
ipv6 enable
tunnel source 65.160.208.69
tunnel mode ipv6ip
tunnel destination 66.220.18.42
!
interface Tunnel1
ip address 169.254.14.154 255.255.255.252
ip virtual-reassembly in
ip tcp adjust-mss 1379
tunnel source 65.160.208.69
tunnel mode ipsec ipv4
tunnel destination 52.36.226.161
tunnel protection ipsec profile ipsec-vpn-7fc4dc6d-0
!
interface Tunnel2
ip address 169.254.13.90 255.255.255.252
ip virtual-reassembly in
ip tcp adjust-mss 1379
tunnel source 65.160.208.69
tunnel mode ipsec ipv4
tunnel destination 52.88.53.53
tunnel protection ipsec profile ipsec-vpn-7fc4dc6d-1
!
interface Tunnel3
ip address 209.165.131.5 255.255.255.252
tunnel source ATM0/1/0.1
tunnel destination 71.33.246.52
!
interface Tunnel4
ip address 172.16.0.1 255.255.255.252
tunnel source ATM0/1/0.1
tunnel destination 68.108.24.65
!
interface FastEthernet0/0
ip address 10.0.1.1 255.255.255.252
ip pim dense-mode
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 123.12.1.1 255.255.255.252
duplex auto
speed auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
ip address dhcp
ip access-group PROTOCOL41 in
ip nat outside
ip virtual-reassembly in
atm route-bridged ip
pvc 8/35
  encapsulation aal5snap
!
!
router ospf 1
network 10.0.1.0 0.0.0.3 area 0
network 172.16.0.0 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
default-information originate
!
router bgp 65000
bgp log-neighbor-changes
neighbor 10.0.1.2 remote-as 65001
neighbor 169.254.13.89 remote-as 7224
neighbor 169.254.13.89 timers 10 30 30
neighbor 169.254.13.117 remote-as 7224
neighbor 169.254.13.117 timers 10 30 30
neighbor 169.254.14.153 remote-as 7224
neighbor 169.254.14.153 timers 10 30 30
neighbor 172.16.0.2 remote-as 65002
neighbor 209.165.131.6 remote-as 65000
!
address-family ipv4
  bgp redistribute-internal
  network 0.0.0.0
  network 10.0.1.0 mask 255.255.255.252
  network 172.16.0.0 mask 255.255.255.252
  neighbor 10.0.1.2 activate
  neighbor 169.254.13.89 activate
  neighbor 169.254.13.89 default-originate
  neighbor 169.254.13.89 soft-reconfiguration inbound
  neighbor 169.254.13.117 activate
  neighbor 169.254.13.117 default-originate
  neighbor 169.254.13.117 soft-reconfiguration inbound
  neighbor 169.254.14.153 activate
  neighbor 169.254.14.153 default-originate
  neighbor 169.254.14.153 soft-reconfiguration inbound
  neighbor 172.16.0.2 activate
  neighbor 209.165.131.6 activate
  neighbor 209.165.131.6 next-hop-self
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NAT interface ATM0/1/0.1 overload
ip nat inside source static tcp 10.0.1.2 443 interface ATM0/1/0.1 443
ip route 192.168.202.0 255.255.255.0 209.168.131.6
!
ip access-list extended NAT
permit ip any any
ip access-list extended PROTOCOL41
permit 41 any any
permit ip any any
permit gre any any
!
ipv6 route ::/0 Tunnel0
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
dial-peer voice 1 voip
translation-profile outgoing twilio
destination-pattern [2-9]..[2-9]......
session protocol sipv2
session target dns:svr-3cx.pstn.us2.twilio.com
no voice-class sip early-offer forced
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 2 voip
translation-profile incoming incoming_twilio
session protocol sipv2
session target dns:svr-3cx.pstn.us2.twilio.com
incoming called-number .T
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 3 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 4 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 5 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 6 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 7 voip
preference 1
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.3
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 8 voip
preference 2
destination-pattern ...
session protocol sipv2
session target ipv4:10.0.30.4
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
!
sip-ua
credentials username ... password 7 ... realm voicepulse
authentication username ... password 7 ...
registrar dns:cucm10.sfo.proxy.voicepulse.com expires 3600
sip-server dns:cucm10.sfo.proxy.voicepulse.com
connection-reuse
!
!
!
telephony-service
max-ephones 10
max-dn 10
ip source-address 10.0.1.1 port 2000
max-conferences 4 gain -6
transfer-system full-consult
!
!
ephone-dn  1
number 401
!
!
ephone  1
device-security-mode none
mac-address 0015.FAB8.F4E1
button  1:1
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
login local
transport input all
!
scheduler allocate 20000 1000
end


Here is the config now that I have put in the tunnel from the tunnel broker