11-14-2019 01:46 AM
Hi, Guys,
Need your precious advice.
GRE tunnel setup with Public IP (without NAT) is not difficult, everything is fine and GRE tunnel is running properly.
But after the source GRE IP is NATed :
Case1: the "GRE keepalive" can not be confgured, or the tunnel is down (traffic can not pass through the tunnel).
Case2: if no "GRE keepalive" is configured, tunnel interfaces are down, but traffic is able to pass through the tunnel.
Issued GRE packet is captured as the attached, what is the Source GEOIP: Unknown & Destination GEOIP: Unknown ?
Many thanks in advance.
11-14-2019 07:27 PM
Hi Benson,
I have this problem too, on my old c3750
Q1. Gre keepalive issue
refer to "keepalive" issue for Gre CLI configuration:
It works on router model as expected, but sometimes we have to check if we build Gre tunnel on switch model(e.g. old c3750), it does supported Gre commands, but not recommended by TAC, and performance issue is expected.
There is some works tested "keepalive" feature may not work properly:
https://community.cisco.com/t5/mpls/keepalive-brings-tunnel-in-vrf-down/td-p/1711180 |
Q2. GEOIP issue
it is refer to wireshark feature which we may not discuss in this forum in detail
GeoIP information is an alternating list of source and destination paramters:
[Source GeoIP Country: China]
[Destination GeoIP Country: Japan]
..
hope the share above may help you. [heart]
Aim
11-14-2019 09:33 PM
Hello Aim,
rated as it is deserved.
The GeoIP concept is used in security contexts with cloud based services that provides this capability to create security policies for NG firewall: many vendors Fortinet, Juniper, Palo Alto and Cisco itself provide this capabilities having each FW or FW manager to interact with a cloud based service to get this GEOIP info.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide