I have configured a GRE tunnel between two routers that are each behind PIX firewalls. I have setup a VPN to encrypt all IP traffic between the routers.
The GRE traffic is only flowing from router A to router B.
I can ping from router A to router B and vice versa. I've verified that those pings are going out via the vpn by doing a 'show ipsec sa' and watching the counters. I have also verified that the GRE tunnel keepalives are being sent by both routers but only router A's packets are making it across. Router B receives A's keep-alives but A does not receive B's.
I did a capture on pix B to verify that the GRE packets from router B are making it to the PIX correctly.
I do not have any specific rules anywhere, on either PIX, or either router for gre. The access-list rule looks like this:
access-list tunnel extended permit ip xx.xx.198.40 255.255.255.252 xx.xx.198.44 255.255.255.252
When I do a 'packet-tracer' on pix B I see that everything but GRE goes out the VPN but all I get for GRE is:
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 2696171, using existing flow
Result:
input-interface: inside
input-status: up
input-line-status: up
Action: allow
I have no idea how to view details on flow id 2696171.
Any ideas?