Hi Vikas,
Thank you for your reply. Below you can find the outputs you mentioned in your post.
SiteB-> get route id 14
route in trust-vr:
------------------------------------------------
id: 14
IP address/mask: 10.238.135.129/32
next hop (gateway): 0.0.0.0
preference: 0
metric: 0
description:
outgoing interface: bgroup1
vsys name/id: Root/0
tag: 0
flag: 34000000/00100000
type: host
status: active (for 1 minutes 1 seconds)

SiteB-> get int tun.2
Interface tunnel.2:
description tunnel.2
number 20, if_info 1776, if_index 2, mode route
if_signature 0x4e53434e
sess token 25, flow flag 0x0 if flag 0x20c00200 flag2 0x0
link up, admin status up
vsys Root, zone VPN, vr trust-vr
hwif tunnel flag 0xc00200 flag2 0x0 flag3 0x10000000, vsys Root
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 unnumbered, source interface ethernet0/4
*manage ip 0.0.0.0
bound vpn:
[SiteA.full.FQDN]
Next-Hop Tunnel Binding table
Flag Status Next-Hop(IP) tunnel-id VPN
U 10.1.1.0 0x00000008 [SiteA.full.FQDN]
pmtu-v4 disabled
ping disabled, telnet disabled, SSH disabled, SNMP disabled
web disabled, ident-reset disabled, SSL disabled
OSPF disabled OSPFv3 disabled BGP disabled RIP disabled RIPng disabled
mtrace disabled
PIM: not configured IGMP not configured
MLD not configured
NHRP disabled
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps

SiteB-> get inter bgroup1
Interface bgroup1:
description bgroup1
number 12, if_info 1056, if_index 0, mode nat
if_signature 0x4e53434e
sess token 18, flow flag 0x0 if flag 0x11025200 flag2 0x0
link up, phy-link up/full-duplex, admin status up
status change:145, last change:11/02/2016 17:31:54
vsys Root, zone Config, vr trust-vr
hwif bgroup1 flag 0x10000200 flag2 0x0 flag3 0x10100000, vsys Root
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 10.238.135.129/28 mac 5c5e.ab93.4a0c
*manage ip 10.238.135.129, mac 5c5e.ab93.4a0c
route-deny disable
pmtu-v4 disabled
ping enabled, telnet disabled, SSH enabled, SNMP disabled
web enabled, ident-reset disabled, SSL enabled
DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0
OSPF disabled OSPFv3 disabled BGP disabled RIP disabled RIPng disabled
mtrace disabled
PIM: not configured IGMP not configured
MLD not configured
NHRP disabled
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
DHCP-Relay disabled at interface level
DHCP-server enabled, status on.
Physical port information:
ethernet0/5 is down
ethernet0/6 is up, full duplex, speed is 100mbps

SiteB-> get flow
flow action flag: 0095
flow GRE outbound tcp-mss is not set
flow GRE inbound tcp-mss is not set
flow change tcp mss option for all packets is not set
flow change tcp mss option for outbound vpn packets = 1350
flow change tcp mss option for bi-directional vpn packets is not set
flow deny session disabled
TCP syn-proxy syn-cookie disabled
Log dropped packet disabled
Log auth dropped packet disabled
Allow dns reply pkt without matched request : NO
Check TCP SYN bit before create session & refresh session only after tcp 3 way handshake : YES
Check TCP SYN bit before create session : NO
Check TCP SYN bit before create session for tunneled packets : YES
Enable the strict SYN check: NO
Allow naked tcp reset pass through firewall: NO
Use Hub-and-Spoke policies for Untrust MIP traffic that loops on same interface
Check unknown mac flooding : YES
Skip sequence number check in stateful inspection : NO
Drop embedded ICMP : NO
ICMP path mtu discovery : NO
ICMP time exceeded : NO
TCP RST invalidates session immediately : NO
Force packet fragment reassembly : NO
flow log info: 0.0.0.0/0->0.0.0.0/0,0
flow initial session timeout: 20 seconds
flow session cleanup time: 2 seconds
early ageout setting:
high watermark = 100 (8064 sessions)
low watermark = 100 (8064 sessions)
early ageout = 2
RST seq. chk OFF
MAC cache for management traffic: OFF
Fix tunnel outgoing interface: OFF
session timeout on route change is not set
reverse route setting:
clear-text or first packet going into tunnel: prefer reverse route (default)
first packet from tunnel: always reverse route (default)
Close session when receive ICMP error packet: YES
Passing through only one ICMP error packet: NO
Flow caches route and arp: YES, miss rate 8%
flow tcp session notification tuning value is 65536