FAQ: A GRE tunnel is built between 2 USG2100, why did only communicate in single direction?

Publication Date:  2012-09-12 Views:  71 Downloads:  0
Issue Description
A GRE tunnel is built between 2 USG2100. On two sides of devices, ping with resource address can be transmitted. But in tunnel, ping can’t be transmitted one side to another side.
Alarm Information
Handling Process
After check, find out the reason of the problem is the third reason as above.
Because two sides of tunnel belongs type C network segment, can’t ping the peer end in which the PC mask is type B network segment. Change the mask and the problem is solved.
Root Cause
1. No data flow in NAT refuse to be transmitted by tunnel.
2. The packets is blocked by inter-zone packet filter of outbound
3. The PC mask is too large.