10-05-2011 01:26 PM - edited 03-11-2019 02:34 PM
Hello everyone!
I have a problem with traffic coming from a GRE interface and going further through the FWSM on the same 6509-E chassis.
It's very interesting and confusing. If packets are fragmented, I can go through; however, if I use normal packets (a usual ping, for example), traffic goes from outside to inside and stops on its way back.
Here is the detailed info:
WS-C6509-E with WS-SUP720-3B
FWSM HW 4.0, SW 4.1(4)
GRE is done in hardware (source is loopback interface - only one loopback per GRE tunnel).
Thank you.
10-05-2011 09:31 PM
Hi,
Can you take logs from the FWSM and check if you see the FWSM dropping packets?
Mike
10-05-2011 11:34 PM
We have hitcounts increasing in both directions in "allow access lists" when we ping the machine behind the FWSM, but packets do not pull through. The machine we are trying to ping is on the inside side.
I'm unaware of detailed packet debugging info on FWSM. There is no debug packet command. What should I use for full ip packet debugging?
10-06-2011 02:27 PM
If there's a need for more data regarding this setup, do not hesitate to ask. Also, we raised a TAC case. Still no answer, and all this is getting very interesting. Is there a way for traffic taking the fastpath to be blocked while the one on CPU is forwarded? How can this happen?
I did not mention that MPLS is enabled on the switch, though not on the interfaces we are dealing with in this thread. So, no MPLS on the GRE-facing side nor on the FWSM VLAN.
FWSM works in bridge mode.
A similar thing struck us a while ago when we started to use GRE tunnels and MPLS. If the traffic was logged with an access list, all went well. Without an access list with log, all traffic failed.
We solved this with recir commands on tunnel interfaces.
I suspect a similar thing is happening here.
10-09-2011 02:43 AM
Anyone? I haven't got the slightest idea of what is happening here. Any suggestions are welcome.
Why would an unfragmented packet fail while, at the same time, its fragmented counterpart is passing correctly?
10-09-2011 09:31 AM
Bojan,
Could you pls. share the TAC case number?
-Kureli