Problems with IP ICMP Redirect

aoshea · ‎03-21-2006

Dear Support,

Wondering if anyone could help me, as have a problem IP ICMP Redirect causing me an issue when I test the failover of a connection between our site and the datacentre.

Outline of problem

When the WAN interfaces are tested, all fine the network converges.

But if I pull out the lan interface of either of the routers (both ends are configured with HSRP) then I get a problem where the switch at the datacente shows that it is doing an ICMP redirect. I've tried turning it off by using the 'no ip icmp redirect' command, but this does seem to work.

In order to allow the pings through once the network has converged, I either need to do a RDP (remote desktop) connection to the server or use the 'clear ip redirects' command on the switch.

The switch points the redirect as being the being the internal address of the pix. see below;

Switch#sh ip redirects

Default gateway is 10.17.1.254

Host Gateway Last Use Total Uses Interface

192.1.1.123 10.17.1.251 0:00 611 VLAN5

Switch#

The switch is configured to use 10.17.1.254 (HSRP Address) on the DC end as its 'ip default-gateway'

Can anyone give me some advise on this as it is driving me mad!

We are running OSPF on the routers and have a pix at the datacentre for internet connectivity.

Thank you in advance for any assistance.

Regards, Adrian

sundar.palaniappan · ‎03-21-2006

Just want to clarify, do you mean to say that despite issuing the 'no ip redirect' on the interface the device continues to send ICMP redirect messages to the host?

By default, when HSRP is enabled on an interface 'ip redirects' are disabled on an interface. Post the output of 'show ip int (#)' from the device sending the ICMP redirects.

--Sundar