ChiefIT asked:

Is this Cisco router programming right?

I have been having a problem with a GRE tunnel. It is making my MTU 1476. I was told by a number of sources that enabling ICMP to re-negotiate the MTU size will do the trick. These are the lines I entered into the router. Are they right?

access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 deny icmp any any

All commands were accepted.
ChiefIT

ASKER

@ IKALMAR:

The only problem with the Tunneling interface is I don't have control of it.

Here is what the network topology looks like:

My LAN>>satellite connection>>NOC1 router for a large WAN>>((GRE TUNNEL))>>Headquarters NOC>>WWW

I am good on the WAN side of NOC1, with everything set at 1500. Going through to headquarters and the WWW is giving me fits. So, I did an MTU ping to google.com, and it came back as

packet too large and DF is set.

I would love to control those Tunnel interfaces. Then, I would make the MTU size on those interfaces 1524, and no problems from there on out for the entire WAN.

For my case, I believe I have to allow ICMP to renegotiate the MTU window for me until our two NOCs figure it out and come up with a fix on that GRE tunnel.


Do you have any other suggestions? I could call the Chief Information Officer and have him look into our Tunnel adapters.

ChiefIT

ASKER

@memo:

I don't quite understand the last line:

"access-list 101 deny icmp any any"

Why deny it after you just permitted it in the lines above?
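
Added example, not part of the original thread: a small Python model of first-match evaluation over the four ACL lines from the question, showing why the final deny does not undo the permits above it. It assumes the list holds only these four lines, handles only `any any` addressing, and maps the ICMP keywords to type/code values per RFC 792; the packets tested are constructed.

```python
# Keyword -> (ICMP type, code); code None means "any code of that type".
ICMP_KEYWORDS = {
    "unreachable": (3, None),     # every destination-unreachable code
    "time-exceeded": (11, None),
    "packet-too-big": (3, 4),     # fragmentation needed and DF set (PMTUD signal)
}

ACL_101 = """\
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 deny icmp any any
"""

def parse_acl(text):
    """Parse 'access-list N <action> <proto> any any [icmp-keyword]' lines."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "access-list":
            continue
        # An unknown keyword raises KeyError rather than silently matching all.
        match = ICMP_KEYWORDS[parts[6]] if len(parts) > 6 else None
        rules.append((parts[2], parts[3], match, line))
    return rules

def evaluate(rules, proto, icmp_type=None, icmp_code=None):
    """Return (action, matching line). The first matching entry wins."""
    for action, rule_proto, match, line in rules:
        if rule_proto not in (proto, "ip"):
            continue
        if match is not None:
            want_type, want_code = match
            if icmp_type != want_type:
                continue
            if want_code is not None and icmp_code != want_code:
                continue
        return action, line
    # Nothing matched: an access list ends with an implicit deny.
    return "deny", "(implicit deny at end of list)"

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed packets: PMTUD reply, TTL expiry, echo request, plain TCP.
    for pkt in [("icmp", 3, 4), ("icmp", 11, 0), ("icmp", 8, 0), ("tcp",)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

In this model the packet-too-big message is already matched by the `unreachable` line, so the third entry is never reached, and non-ICMP traffic falls through to the implicit deny unless the list carries further permit entries.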
ChiefIT

ASKER

I am in contact with the two NOCs to see if they will raise the Tunneling router's Maximum Segment size. I really appreciate your help. For now, the ICMP edits did the trick.

For the rest of the WAN, they are going to have problems. So, I am going to escalate this to the NOC level.

Thank you guys, you have been a huge help all the way through this ordeal. For a bonehead at Cisco Routing, I sure appreciated your help.

ChiefIT

ASKER

Exactly what I was looking for. Thanks for the alternative options, ikalmar.

Thanks for verification and answering my concerns about the ICMP lines, memo.