Greetings,
I'm attempting to run an ERSPAN capture from a Cisco 3850 (origin IP on subnet "A") to a Windows 10 workstation (running WS 3.2.5 on subnet "B", separate 3850 switch) through a Cisco NX7004 core. Packets are received properly from the origin switch when the tunnel is first established, but each is answered by the workstation with an ICMP Destination Protocol Unreachable (ICMP type 3, code 2). After about 7 seconds of this, the core switch* stops forwarding / routing the tunnel. Use of the "protocol 0x2f" capture filter has no effect, as the ICMP packets appear to be originating from either the OS or the NIC driver.
Any thoughts on how one might disable the ICMP response?
*Presumably the core. Running the ERSPAN where the source and destination devices are connected to the same switch does not result in a blocked stream (the ICMP packets are still present, just not acted upon).
