How to avoid ICMP "Destination Protocol Unreachable" with ERSPAN to WIndows 10
Greetings,
I'm attempting to run an ERSPAN capture from a Cisco 3850 (origin IP on subnet "A") to a Windows 10 workstation (running WS 3.2.5 on subnet "B", separate 3850 switch) through a Cisco NX7004 core. Packets are received properly from the origin switch when the tunnel is first established, but each is answered by the workstation with an ICMP Destination Protocol Unreachable (ICMP type 3, code 2). After about 7 seconds of this, the core switch* stops forwarding / routing the tunnel. Use of the "protocol 0x2f" capture filter has no effect, as the ICMP packets appear to be originating from either the OS or the NIC driver.
Any thoughts on how one might disable the ICMP response?
*Presumably the core. Running the ERSPAN where the source and destination devices are connected to the same switch does not result in a blocked stream (the ICMP packets are still present, just not acted upon).
Are you de-encapsulating the packets on the subnet "B" switch or sending to the PC IP address?
ERSPAN – My New Favorite Packet Capturing Trick
Sending to the destination PC IP as per the link you reference.
Is there a rule in Windows firewall to allow the GRE packets in?
All firewalls are completely disabled, yet the behavior persists.
Thank you all for the assistance. I'm chocking this one up to "Sorry, not with Windows you don't!"