Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
470
Views
0
Helpful
2
Replies

Cisco 2621 with failover firewalls

jwhite
Level 1
Level 1

‎04-12-2002 07:01 AM - edited ‎03-01-2019 09:16 PM

We have a Cisco 2621 connected to a pair of firewalls with failover enabled. During failover testing, we found that with the backup active, not all inbound IP traffic was being processed. Restarting the router fixed this problem. When the primary came back on line, the router had to be reset again. We looked at the defined routes and the route to our IP block is listed as a permanent route. Other static routes are not listed as permanent. Does this designation as a permanent route "lock" in the MAC address of the next device?

John

Labels:
0 Helpful
2 Replies 2

tmoreo
Level 1
Level 1

‎04-12-2002 08:40 PM

How are you connected to the 2621? Are you bridging the Ethernet Interfaces?

0 Helpful

jwhite
Level 1
Level 1
In response to tmoreo

‎04-15-2002 07:14 AM

Both firewalls are connected to a hub, which is connected to the 2621. We have solved the problem. We found the lack of expiration for the ARP entries on the 2621 were the root of the problem. The ARP cache on the 2621 was not set with a timeout value and the firewalls did not force an ARP update when they came on line. The 2621 was trying to route traffic to the MAC address of the "down" firewall. By setting a timeout value on the 2621 we force a process where the ARP table entries expire before the failover firewall comes on line. The 2621 then discovers the new device and builds an ARP table for it.

0 Helpful
Customers Also Viewed These Support Documents