12-14-2011 01:56 AM
Good morning,
We run PanOs 4.1.0 on a couple of new sites, but we are not able to make the GRE tunnel work. The scenario is an IPsec tunnel between 2 firewalls (PA-2020 to PA-5050), with GRE tunnels built inside the IPsec on Cisco routers.
IPsec is OK and ping is working between the routers' loopbacks, but the GRE tunnel is down even if we permit all applications and services. We have a similar installation running PanOs 4.0.x and it works without issues.
Another installation with 4.1.0 works, but we get it up randomly by re-typing the routing/configuration on the PAN.
Is there any known bug on 4.1.0 about GRE?
Thank you
Marco Canova
12-29-2011 04:43 PM
You should open a case with support.
You can use this list of commands to troubleshoot the issue.
Create a Packet Filter:
debug dataplane packet-diag set filter match source <GRE_DEV1_IP>
debug dataplane packet-diag set filter match destination <GRE_DEV1_IP>
debug dataplane packet-diag set filter on
debug dataplane packet-diag show setting
Use the packet filter to view a subset of global statistics:
-- Run this every 10-20 seconds while sending test traffic
-- Ignore the results of the first run
-- Look for counters flagged as "drop"
show counter global filter packet-filter yes delta yes
To turn this off....
debug dataplane packet-diag set filter off
debug dataplane packet-diag clear all
Steve Krall
01-24-2012 08:10 AM
Here is the solution: the GRE sessions were hung. These commands show the problem and fixed it by killing them:
show session all filter protocol 47
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
28376 gre ACTIVE FLOW 192.168.255.100[20033]/CST-VPN/47 (192.168.255.100[20033])
vsys1 192.168.255.64[20033]/CST-LAN (192.168.255.64[20033])
28787 gre ACTIVE FLOW 192.168.255.64[20033]/CST-LAN/47 (192.168.255.64[20033])
vsys1 192.168.255.101[20033]/CST-VPN (192.168.255.101[20033])
then, as a consequence:
clear session id 28376
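
The check-and-clear step from the last post, as an added example that is not part of the original thread: a Python script that parses the two-line-per-session output shown above and builds `clear session id` commands only for protocol 47 sessions between a chosen pair of tunnel endpoints. The function names, the handling of an optional Flag column and the choice of endpoint pair are assumptions; the sample text is copied from the post.

```python
import re

# Sample input: the `show session all filter protocol 47` output quoted in the post.
SAMPLE = """\
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
28376 gre ACTIVE FLOW 192.168.255.100[20033]/CST-VPN/47 (192.168.255.100[20033])
vsys1 192.168.255.64[20033]/CST-LAN (192.168.255.64[20033])
28787 gre ACTIVE FLOW 192.168.255.64[20033]/CST-LAN/47 (192.168.255.64[20033])
vsys1 192.168.255.101[20033]/CST-VPN (192.168.255.101[20033])
"""

# First line of an entry: ID, application, state, type, optional flag, source/zone/proto.
SRC_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<app>\S+)\s+(?P<state>\S+)\s+(?P<type>\S+)\s+(?:(?P<flag>\S+)\s+)?"
    r"(?P<src>[\d.]+)\[(?P<sport>\d+)\]/(?P<szone>[^/\s]+)/(?P<proto>\d+)\b")
# Second line of an entry: vsys, destination/zone.
DST_RE = re.compile(r"^(?P<vsys>\S+)\s+(?P<dst>[\d.]+)\[(?P<dport>\d+)\]/(?P<dzone>\S+)")

def parse_sessions(text):
    """Pair each source line with the destination line that directly follows it."""
    sessions, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        src = SRC_RE.match(line)
        if src:
            pending = src.groupdict()
            continue
        dst = DST_RE.match(line)
        if pending and dst:
            sessions.append({**pending, **dst.groupdict()})
        pending = None  # headers, rulers and orphan lines reset the pairing
    return sessions

def clear_commands(sessions, peers, proto="47"):
    """Build clear commands only for `proto` sessions whose two ends are both in `peers`."""
    peers = set(peers)
    return [f"clear session id {s['id']}" for s in sessions
            if s["proto"] == proto and {s["src"], s["dst"]} <= peers]

if __name__ == "__main__":
    # Hypothetical choice: the tunnel between 192.168.255.100 and 192.168.255.64.
    for cmd in clear_commands(parse_sessions(SAMPLE),
                              ["192.168.255.100", "192.168.255.64"]):
        print(cmd)
```

Limiting the output to one endpoint pair keeps the other GRE session in the table untouched; review the generated commands before pasting them into the firewall CLI.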