Monitoring traffic through GRE tunnel

Hi to all,

I have an issue with our Sophos XG210 firewall... We have configured two GRE tunnels with a cloud proxy (ZSCALER). When I try to browse the internet through the cloud proxy, it is not working... If I try to browse via our ISP (without the proxy), I'm able to browse without any problem...

Does anybody know how I could monitor the connection? I'm trying to make a packet capture, but I can't capture the packets that I'm sending out via the GRE tunnels...

The tunnels are the following:

console> system gre tunnel show
NAME       LOCAL-GW  REMOTE-GW      LOCAL-IP        REMOTE-IP       TTL  DYNDNS  STATUS
ZSCALER_1  Port2     89.167.129.34  172.17.182.225  172.17.182.226  64   off     Enabled
ZSCALER_2  Port2     165.225.76.34  172.17.182.229  172.17.182.230  64   off     Enabled

I have configured a FW rule, which has the gateway via the tunnels... Any idea?

Thanks!!!

Regards,

David



  • David,

    take a TCPDUMP from advanced shell (option 5 then 3) and report the output.

    Regards

  • Hi,

    I'm trying to reach www.cualesmiip.es (138.201.152.175)

    This is the output:

    09:59:14.674390 Port1, IN: IP 10.3.2.5.54144 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 2691274864, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:14.920062 Port1, IN: IP 10.3.2.5.54145 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 999404498, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:17.670051 Port1, IN: IP 10.3.2.5.54144 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 2691274864, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:17.920037 Port1, IN: IP 10.3.2.5.54145 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 999404498, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:23.670043 Port1, IN: IP 10.3.2.5.54144 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 2691274864, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    09:59:23.920037 Port1, IN: IP 10.3.2.5.54145 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 999404498, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    09:59:35.916136 Port1, IN: IP 10.3.2.5.54146 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 436049827, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:38.919563 Port1, IN: IP 10.3.2.5.54146 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 436049827, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:40.915359 Port1, IN: IP 10.3.2.5.54147 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 3240275713, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:43.914186 Port1, IN: IP 10.3.2.5.54147 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 3240275713, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:59:44.924936 Port1, IN: IP 10.3.2.5.54146 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 436049827, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    09:59:49.915162 Port1, IN: IP 10.3.2.5.54147 > static.175.152.201.138.clients.your-server.de.www: Flags [S], seq 3240275713, win 8192, options [mss 1460,nop,nop,sackOK], length 0

    (The moon is the SYN flag)

    Regards

    David
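
Added example, not part of the thread: a small parser for tcpdump output in the format posted above that classifies each SYN as not forwarded by the firewall, forwarded without a reply, or answered. It assumes the capture covered all interfaces and that GRE-encapsulated packets print in tcpdump's usual `GREv0, length N: IP ...` form; the sample lines and the 192.0.2.10, 198.51.100.1 and 203.0.113.1 addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same line format as the capture posted above
# (interface and direction prefix, then the tcpdump TCP summary).
SAMPLE = """\
09:59:14.674390 Port1, IN: IP 10.3.2.5.54144 > 138.201.152.175.80: Flags [S], seq 2691274864, win 8192, length 0
09:59:17.670051 Port1, IN: IP 10.3.2.5.54144 > 138.201.152.175.80: Flags [S], seq 2691274864, win 8192, length 0
09:59:23.670043 Port1, IN: IP 10.3.2.5.54144 > 138.201.152.175.80: Flags [S], seq 2691274864, win 8192, length 0
10:01:02.100000 Port1, IN: IP 10.3.2.5.54200 > 192.0.2.10.443: Flags [S], seq 1111, win 8192, length 0
10:01:02.100400 Port2, OUT: IP 198.51.100.1 > 203.0.113.1: GREv0, length 56: IP 10.3.2.5.54200 > 192.0.2.10.443: Flags [S], seq 1111, win 8192, length 0
10:01:02.130000 Port2, IN: IP 203.0.113.1 > 198.51.100.1: GREv0, length 56: IP 192.0.2.10.443 > 10.3.2.5.54200: Flags [S.], seq 2222, ack 1112, win 29200, length 0
"""

# The greedy ".*IP " skips an outer GRE header (assumed format) so that
# src/dst always refer to the innermost TCP packet on the line.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ifc>\S+), (?P<dir>IN|OUT): .*IP "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]")

def analyze(text):
    """Return {(src, dst): verdict} for every flow that starts with a SYN."""
    flows = defaultdict(lambda: {"syn_in": 0, "syn_out": 0, "synack": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP summary line in the expected format
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S":
            key = "syn_in" if m["dir"] == "IN" else "syn_out"
            flows[(src, dst)][key] += 1
        elif flags == "S." and (dst, src) in flows:
            flows[(dst, src)]["synack"] += 1
    verdicts = {}
    for flow, c in flows.items():
        if c["synack"]:
            verdicts[flow] = "answered"
        elif c["syn_out"]:
            verdicts[flow] = "forwarded, no reply"
        else:
            # Only inbound copies (client retransmissions) were captured.
            verdicts[flow] = f"not forwarded ({c['syn_in']} SYNs in, 0 out)"
    return verdicts

if __name__ == "__main__":
    for (src, dst), verdict in analyze(SAMPLE).items():
        print(f"{src} -> {dst}: {verdict}")
```

A "not forwarded" verdict only means no outbound copy of the SYN appears in the capture, so it is meaningful only when the capture was not limited to the LAN port.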
