Traceroute result from one end of a tunnel to the other end

laurathaqi45
Level 1

Dear community,

I was looking for the answer to the following question: "What is the result returned when performing a traceroute from one end of the tunnel to the other end of the tunnel?", if the tunnel is GRE or other protocols.

Thank you,

Laura

Accepted Solution

balaji.bandi
Hall of Fame

If you have all the rules allowed for ICMP (NO ACL or FW blocking for ICMP or any protocol)

you see your Tunnel IP -- other end Tunnel IP -- and destination IP.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


6 Replies

It depends on:
Traceroute to the tunnel IP (far end of the GRE tunnel) using ping source (local end of the GRE tunnel):
this gives you only ONE HOP because the GRE tunnel is P2P <<<< here, if you see more than one, then there is an issue and you must double-check the tunnel config.

Traceroute to the tunnel destination using ping source <tunnel source>:
this gives you many HOPs to the destination, depending on the ISP.

@laurathaqi45

With respect to @balaji.bandi

That is not correct: even if there is an ACL or FW, the traceroute is successful.

"That is not correct: even if there is an ACL or FW, the traceroute is successful."

Apologies, I may be reading this wrong. What have I missed here ... so we can correct it to right.

You mean to say, if there is an ACL or FW which does not allow ICMP and only allows HTTP (80 for discussion), the traceroute completes? With success end to end, you mean.

BB


[Attached image: GRE ping.png]
This is a small lab showing you that even if there is an ACL denying ICMP, the ICMP is successful???
Why? Because the R2 ACL cannot filter the INNER IP HEADER; it only checks the outer one.
So if there is a FW or ACL in the path, that does not prevent the success of PING/Traceroute.
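
The point of the lab above (a transit ACL on R2 matches only the outer IP header of GRE traffic), as an added example that is not part of the original thread. The packets and addresses are constructed, and the ACL is modelled as a simple deny on IP protocol number, which is an assumption about how R2 is configured.

```python
import struct

GRE, ICMP = 47, 1  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def parse_ipv4(pkt):
    """Return (protocol, payload) of an IPv4 packet, honouring the IHL field."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], pkt[ihl:]

def outer_acl_permits(pkt, denied=(ICMP,)):
    """Model of a transit ACL such as R2's: it matches the outer header only."""
    return parse_ipv4(pkt)[0] not in denied

def inner_protocol(pkt):
    """Strip the GRE header (RFC 2784/2890) and return the inner IPv4 protocol.
    Returns None when the packet is not GRE carrying IPv4."""
    proto, gre = parse_ipv4(pkt)
    if proto != GRE or len(gre) < 4:
        return None
    flags, ethertype = struct.unpack("!HH", gre[:4])
    # Checksum (C), key (K) and sequence (S) bits each add 4 bytes of header.
    hlen = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ethertype != 0x0800 or len(gre) < hlen + 20:
        return None
    return parse_ipv4(gre[hlen:])[0]

# Constructed sample packets (documentation addresses, ICMP checksum zeroed).
ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)                 # ICMP echo request
INNER = ipv4("10.0.0.1", "10.0.0.2", ICMP, ECHO)            # tunnel IP to tunnel IP
NATIVE = ipv4("192.0.2.1", "198.51.100.2", ICMP, ECHO)      # ping outside the tunnel
TUNNELED = ipv4("192.0.2.1", "198.51.100.2", GRE,           # same ping inside GRE
                struct.pack("!HH", 0, 0x0800) + INNER)

if __name__ == "__main__":
    for name, pkt in (("native", NATIVE), ("tunneled", TUNNELED)):
        print(name, "permitted by outer ACL:", outer_acl_permits(pkt),
              "| inner protocol:", inner_protocol(pkt))
```

The native ping is dropped while the same ping inside GRE is permitted, because the outer protocol is 47; only a device that decapsulates GRE, or a filter applied on the tunnel interfaces themselves, sees the inner ICMP.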

I understand now what you were referring to.

I am referring to the end side, where R1 and R2 only allow certain traffic, for example only ports 80 and 443 allowed as interesting services for that tunnel to the end point.

BB
