Re: PIX and HSRP

rdubo · ‎06-03-2005

Hi,

My provider gives me a pair of router for Internet Access. The 2 routers are running HSRP. Behind the routers I have a PIX firewall. I also have /28 public subnet.

I have no problem to access Internet but I have problem with incoming traffic. For example, I use a public address for SMTP and I can not access. To resolve this I have to plug the PIX to the ADSL router ...

Does anyone have an idea? Maybe something with HSRP...or mac address table...

Regards

msheik · ‎06-03-2005

Hi,

ave you tried with proper 'static' entries on firewall?

Thanks

MS

rdubo · ‎06-06-2005

Hi,

The configuration of the NAT is here:

static (inside,outside) public_IP1 esafe-antivirus netmask 255.255.255.255 0 0

static (intf2,outside) public_IP2 DMZ-DOMINO netmask 255.255.255.255 0 0

minoc · ‎06-10-2005

Double check both routers are not using asymetric routing. This might be your problem. Let's say for instance that packets from outside to your server are coming from router 1, but replies are going to router 2. What would happen here is that router 2 will drop these packects because they were never seem on that router before.

HSRP is only used for packects coming from the interface connected to the Pix, that's why access to the internet is working fine. HSRP will not work from the other interfaces if not configured. Do you have HSRP configured on both interfaces ingress and egress?.

Also HSRP always will use one router as primary and does not support load balancing between both routers. You may as well check to see if GLB will be a better solution for this.

Regards,

Carlos Roque