I am doing a traceroute to salesforce.com, google.com and I see all the layer hops to my Firewall and then one hop to final destination, which is incorrect. I am not seeing any of the intermediate public hops (and surprisingly not seeing the
Do you ...
Hi Guys,
I have set up a GRE tunnel between branch office router and ZScaler. When browsing the internet from the branch office through the tunnel I am having intermittent performance issues during certain times of day.
I have checked the usual sus...
Hi Guys,
Are there any advantages / disadvantages of keeping MPLS TTL propagation enabled? What are the recommended design / best practices from Cisco?
Are there examples of common ISPs that enable it? Examples of ISPs who keep them disabled?
I am s...
Hi Guys,
I am trying to do a TCP ping to 8.8.8.8, but it looks like my 2900 is dropping any ICMP responses coming back from INET transit routers.
When I do an ICMP ping to 8.8.8.8, it works fine and I am getting the ICMP responses back from each transit r...
Hi Georg,
I have done that and am able to ping through the GRE Tunnel.
I also want to ping the GRE Tunnel VIP (Public IP) provided by ZScaler to measure the loss / latency outside the GRE tunnel. I can do an ICMP / TCP ping to the GRE Tunnel VIP (Pub...
Hi Georg,
The Port 55126 is chosen by 2900 - dynamic NAT. So this will not work as I will have to open the whole Ephemeral port range.
Is there no way to create a Stateful Firewall rule allowing ICMP traffic back to TCP ping going out?
Any other id...
Thanks Georg. I am running the tests for a Linux machine, not from the Router.
Here is the IOS ZBFW config:
policy-map type inspect ROUTER-OUTBOUND-POLICY
 description Router Outbound and IPSec
 class type inspect ROUTER-INSPECT-OUTBOUND-CLASS
  inspect ...