Please coonsider the following scenario:
H1-10.10.10.1---R1- f1188.8.131.52- tun10-------tun10---184.108.40.206 f1-SRX—10.10.11.2-G2
R1 has GRE tun10 with tunnel source f1, tunnel destination 220.127.116.11
SRX has GRE tunnel tun10 with tunnel source f1, tunnel destination 18.104.22.168
H1 and H2 communicate with over GRE tunnel.
If I have to do trace options using file and packet filter to see how packets received over GRE tunnel from R1 are treated inside SRX, should we define the packet filter for trace option for GRE imposed IP i.e src 22.214.171.124 dest 126.96.36.199 or should we define packet filter for inner packet i.e. source 10.10.10.1 , destination 10.10.11.2?
We should define packet filter for traceoption based on how packets arrived on SRX. Above we have to analyze traces as traffic received from H1 to H2 over GRE tunnel, traffic will be arriving with GRE imposed header SRC 188.8.131.52 DEST 184.108.40.206, so if we define packet-filter for traceoption based on these IP, we can see, how the packet is received, decapsulated,
On the otherhand, we define packet filter for trace option based on inner packet i,e src 10.10.10.1 dst 10.10.11.2, we will only see traces after the decapsulation by GRE.
Not sure if the above is true .
Thanks and have a nice day!!