Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Roy_Smith
Collaborator
Jump to solution

Gre Tunnel traffic being dropped

Hi

We have 2 R81.10 appliances in 2 separate sites, connected over our WAN. Behind each firewall, there is a wireless controller. The 2 wireless controllers are configured to connect to each other via Gre tunnels. However, the gre tunnel is not getting established between these 2 controllers. Each controller also have other gre tunnels to other wireless controllers at other sites on the WAN, which are established and working. It appears it is only the gre traffic between the 2 main controllers that is getting dropped at each firewall. 

If I run tcpdump, I can see the traffic coming in to the interface but not going out. If I run fw ctl zdebug drop I get the message 

"dropped by fw_handle_old_conn_recovery Reason: Other protocol packet that belongs to an old connection" 

I'm unable to find much information on this particular message. Has anyone any ideas what it could point to and how I troubleshoot this? Any reason why some gre traffic goes through and other traffic is dropped?

Many Thanks
Roy

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

sk121933 talks to a similar drop reason for UDP traffic flows.

Can I confirm your connect persistence settings, are they set to keep or rematch?

Is the issue always present or only after someone performs a policy installation for the intermediate gateway?

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee

sk121933 talks to a similar drop reason for UDP traffic flows.

Can I confirm your connect persistence settings, are they set to keep or rematch?

Is the issue always present or only after someone performs a policy installation for the intermediate gateway?

CCSM R77/R80/ELITE
0 Kudos
Roy_Smith
Collaborator

Chris

Thanks for that. I initially went through the sk article but did not see any difference. I decided to go through the clear connections steps on both gateways and that appears to have resolved the issue. 

Thanks
Roy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events