Wed Nov 10, 2021 9:56 am
I have a problem when packets travel through a site-to-site tunnel.
Site 1: Cisco router
Host A1: 192.168.10.1/24, belongs to VLAN 10 created on the switch
Tunnel: 1.2.1.1
Site 2: Mikrotik Router
Host B2: 192.168.20.1/24, belongs to VLAN 20 created on the switch
Tunnel: 1.2.1.2
- The 2 sites are connected by a tunnel and run OSPF together; site 1 is a Cisco router, site 2 is a MikroTik. There is no problem with routing, but when I ping, for example, from a host in site 2 to site 1 and use Wireshark to capture the packets, I see all of them sent through with the IP of the tunnel interface. Even if I create a new network that hasn't been advertised to OSPF or routed anywhere, it can still ping site 1 (using ping .... src-address =....), but all packets will have the source IP of the tunnel interface. I don't know what the problem is. It is related to my access list: I want to permit only some IPs from the other site, but I only need to permit the IP of the tunnel interface and all IPs can ping through to site 1 (the site with the Cisco router).
For example: when I ping from host B2 to host A1 and check the packets on interface VLAN 10, they have source IP 1.2.1.2, although in theory it should be the IP of host B2 (192.168.20.1). This means the access list cannot filter that packet correctly.
- Going by tunnel theory, I find this case a bit ridiculous, while site 1 and site 3 (both are Cisco) don't have this problem. Can anyone who has encountered this situation explain it to me?