workstation (VLAN10)-SW-GRE-Peer-Remote LAN 

case1- 
in SW the port connect to workstation need to be router port via 
no swithport 
and assign IP to this port 
assign IP to workstation and make GW the port in SW

case2
in SW the port connect to workstation assign to specifc VLAN 
add IP to this VLAN SVI 
assign IP to workstation and make GW the SVI VLAN in SW 

both case need 
in SW 
ip route <remote lan > tunnel <>
in Peer 
ip route < router port OR VLAN SVI > tunnel<>

that all config you need 

MHM

Had already done the 2nd one, will try the 1st one, thanks 

1st idea was semi-successful.  Entire network can ping the port IP Address, workstation can ping the port IP Address, but workstation cannot ping rest of network nor can other devices ping workstation.

Both case need static route in SW and peer (other device of gre tunnel)

Did yoh configure static route in SW abd peer?

For 1st did you add ip to interface connect to workstation??

MHM

Static routes have been applied to the other devices and all of them ping the IP Address of the switch port.  Workstation has been assigned an IP Address in the same network range as the switch port (with same subnet mask, naturally).  Workstation can ping the port and even pings the near side of the GRE Tunnel (which is on the same 3650 as the port).  But the workstation cannot ping the far side of the GRE Tunnel or any other device.

In SW do following to know what is problem here 

Ip access-list standard 10

Permit host <workstation IP>

!

Debug ip packet acl 10 

Share debug output after you ping from workstation to far end of tunnel

Also share 

Show ip interface breif <<- SW

MHM

The OP tells us " manually set the IP and subnet of the workstation to match the network of the VLAN, and set the default gateway as the near end of the tunnel". I would suggest changing the default gateway of the workstation to be the IP of the vlan interface where the workstation is connected.

There has been some discussion about whether the firewall of the workstation is preventing ping to the workstation. As a way to check on that I suggest that you try to ping the workstation from the switch to which it is connected.

And since there is some uncertainty about ping to the workstation I suggest that we focus on solving issues with ping from the workstation, and when that is working then  look at ping to the workstation.

Due to static routing, the rest of the network can see the switch, but not yet the PC.
Suspected I might have to set up static routing for the pc, will give it a shot, thanks

Yes all devices need a route to the destination whether it be static routing or a dynamic routing protocol.

First device (router) to get a static route to the 3650 pings the vlan (vlan has IP) on the 3650 without issue.  Workstation pings the vlan on the 3650.  But router cannot ping workstation.  Workstation is on same network as the vlan.  How does the 3650 respond to a ping to the vlan ip but not the workstation ip?

I'm glad to see the router able to ping the switch vlan, because that shows the static route idea is the solution for the network.  But I don't get how the network can see the vlan on the switch, but not a workstation on the same network.  The static route on the router includes a /24 subnet mask, the vlan includes a /24 mask, so any number as the last octet for the workstation should still ping (1-254, of course).

Added static routes to entire network.  All devices can ping the vlan on the switch, but STILL NOT able to ping workstation.  Will add an IP address to the port and adjust static routes to point to that address.  If that works, hopefully workstation will ping too.

Workstation connect to SW on port with correct vlan?

Are Workstation use vlan svi as GW?

MHM