
Traffic within GRE tunnel not getting routed properly


L0 Member

We are seeing an issue where we have multiple GRE tunnels configured for ZONE: Zscaler. When we enable monitoring of the GRE tunnels with a health probe, it sends a packet with the GRE tunnel interface private IP address as the source and the peer tunnel private IP as the destination. We are noticing that a few times a day the FW starts dropping packets because it is unable to tie the destination interface for the return packet. We can see this behavior in a packet capture with the drop filter. Example: Tunnel 11 is configured in the Zscaler zone with IP address 172.19.220.201/30 --> peer IP 172.19.220.202 (intrazone traffic). When the packet returns from the destination, the FW is unable to bind the destination interface as Tunnel 11, so the FW puts the packet in the internet zone and drops the packet due to interzone policy.

jbhanderi671_0-1665445449782.png

Routing table snapshots:

jbhanderi671_1-1665445512087.png

 

@GRE-Tunnel, #paloalto @routing
