11-17-2013 10:09 PM - edited 03-04-2019 09:36 PM
Hi experts,
Recently we have been testing a GRE+VRF deployment for our guest segment. Attached is a high-level topology.
Below is how it's set up:
- Guest SSID terminated on a WiSM in one of our DCs' 6509 switches
- WiSM provides IP addresses to clients in a specific VLAN
- Guest network in a VRF, tunneled through the corporate network for segmentation and terminated on a Cisco 29xx router in the DMZ
- Tunnels in the same VRF as the guest VLAN VRF; communication between tunnels etc. works fine
- Guests can access and ping the internet etc. fine; can see traffic both ways on the external firewall
Issue: the guest network is having issues accessing the entire internet; strange behaviour is seen. Google/Gmail/YouTube/Google News and Bing work fine, but none of the other sites load. The 29xx routers show packets forwarded in cache flow, and packets are logged on the firewall as well. Initiating a search in Google works, but when the content provider link is clicked it does not present the page. Layers 1/2/3/4 show no issue. The IPS is exempting the guest network from being scanned; checked logs, no drops at that level either. GRE keepalive through the Cisco ASA, which is the internal-facing firewall, does not work either: NAT is used to create the tunnel and it is up/up, but when keepalive is implemented the tunnel goes up/down.
Other issue: when debug is initiated on the 6509 switch I'm getting a lot of the log below, whereas when debug ip packet detail is initiated on the 29xx router it does not log packet forwarding from the guest network IP source, but ip cache flow has source and dest as the guest network and the internet:
pak 500A4908 consumed in input feature , packet consumed, MCI Check(55), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Would appreciate it if someone could confirm that it's not an IOS issue?
Thanks
11-21-2013 05:33 AM
The symptoms that you describe suggest that it might be a fragmentation issue. I suggest that you try this command and see if the symptoms improve:
ip tcp adjust-mss 1360
1360 is a sort of conservative/safe starting point. If this does improve the situation you might experiment and see if larger values work as well.
HTH
Rick
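The MTU arithmetic behind that suggestion, as an added example that is not code from the thread: it assumes the guest traffic rides in plain GRE inside IPv4 across a 1500-byte path, uses standard IPv4/TCP/GRE header sizes, and all function names are mine.

```python
# Added example (not from the thread). Models how a TCP segment grows once it
# is carried in a GRE tunnel, why a default 1460-byte MSS no longer fits a
# 1500-byte path, and what "ip tcp adjust-mss 1360" changes on the SYN.
# Header sizes are the standard IPv4/TCP/GRE values; the 1500-byte path MTU
# is an assumption matching a plain Ethernet core.

ETHERNET_MTU = 1500
IPV4_HDR = 20          # IPv4 header without options
TCP_HDR = 20           # TCP header without options
GRE_BASE = 4           # minimal GRE header
GRE_KEY = 4            # added when a tunnel key is configured
GRE_SEQ = 4            # added when sequence numbers are enabled

def gre_overhead(key=False, sequence=False):
    """Bytes GRE adds to every packet for the configured options."""
    return GRE_BASE + (GRE_KEY if key else 0) + (GRE_SEQ if sequence else 0)

def tunnel_ip_mtu(path_mtu, overhead):
    """IP MTU of the tunnel interface: 1476 for plain GRE over a 1500 path."""
    return path_mtu - IPV4_HDR - overhead

def outer_packet_size(mss, overhead):
    """Outer IPv4 packet size for one full-MSS segment through the tunnel."""
    return IPV4_HDR + overhead + IPV4_HDR + TCP_HDR + mss

def max_mss(path_mtu, overhead):
    """Largest MSS whose inner packet still fits the tunnel IP MTU."""
    return tunnel_ip_mtu(path_mtu, overhead) - IPV4_HDR - TCP_HDR

def forwarding_outcome(mss, overhead, df_set=True, path_mtu=ETHERNET_MTU):
    """Tunnel router's action on a full-MSS segment (IOS GRE behaviour).

    Web servers normally set DF, so an oversized segment is dropped and an
    ICMP fragmentation-needed is returned; if that ICMP is filtered before
    it reaches the server, large replies never arrive while small ones do,
    the classic PMTUD black hole that MSS clamping sidesteps.
    """
    inner = IPV4_HDR + TCP_HDR + mss
    if inner <= tunnel_ip_mtu(path_mtu, overhead):
        return "forwarded"
    return "dropped, ICMP frag-needed sent" if df_set else "fragmented before encapsulation"

def clamped_mss(advertised_mss, adjust_mss):
    """Effect of 'ip tcp adjust-mss': the SYN's MSS option is lowered, never raised."""
    return min(advertised_mss, adjust_mss)

if __name__ == "__main__":
    plain = gre_overhead()
    print("max MSS through plain GRE on a 1500-byte path:", max_mss(ETHERNET_MTU, plain))
    for mss in (1460, clamped_mss(1460, 1360)):
        print(f"MSS {mss}: outer packet {outer_packet_size(mss, plain)} bytes ->",
              forwarding_outcome(mss, plain))
```

Running it shows the gap between the 1436-byte maximum for plain GRE and the 1360 value above, which leaves room for GRE key/sequence options or other encapsulation on the path.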
12-01-2013 03:14 PM
Two things: the 29xx wasn't fragmenting, and as I enabled content-scan to forward traffic to ScanSafe it was crashing. Upgraded the IOS and no issues since then. Thank you for your prompt response, Richard.
12-01-2013 05:44 PM
I am glad to know that you got the issues resolved. Thank you for posting back to the forum to update us about this issue and how you solved it. That could be beneficial to other readers of the forum. Also thank you for using the rating system to mark this question as answered.
HTH
Rick