redundant routing via static

shaun.white
Level 1

The stripped-down configuration of what I have is a router plugged into a switch where every port is on the same VLAN (and the switch is doing NO routing). From the switch I go into two different firewalls (PIX and Fortinet) which are NOT doing stateful failover. What I need to do is route the internal networks behind the firewall from the router to the firewall. But I want one firewall to be the primary route and one to be the secondary. If the primary fails, then the secondary route takes over. So what I did was:

ip route 10.0.0.0 255.0.0.0 <firewall A>

ip route 10.0.0.0 255.0.0.0 <firewall B> 150

When I unplug the primary firewall, the first static route never goes down. The floating route never takes over, even though I can't ping firewall A. What am I doing wrong? I know I could fix most of this by running OSPF on the router and firewalls, but a requirement of the task is that no routing other than static is running on the firewalls.

1 Reply

Harold Ritter
Cisco Employee

The static route will not be removed from the routing table just because the firewall goes down. As long as the ethernet interface is in status up/up, the route remains in the RIB.

You can use the reliable static routing feature to remove the route from the routing table if the host doesn't respond to a ping for instance.

For more information on this feature, refer to the following URL:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
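
The reliable static routing approach described in the reply, applied to the two routes from the question, as an added example that is not part of either post or of Cisco's feature guide. The addresses 192.0.2.2 (for `<firewall A>`) and 192.0.2.3 (for `<firewall B>`), the probe timers and the object numbers are assumptions; older IOS releases spell the same commands `ip sla monitor`, `type echo protocol ipIcmpEcho` and `track 1 rtr 1 reachability`.

```cisco
! Added example, router side only. No routing protocol runs on the firewalls.
! Assumed addresses: 192.0.2.2 = <firewall A>, 192.0.2.3 = <firewall B>.
!
! Before: the primary route depends only on the router's own Ethernet
! interface being up/up, so it stays in the RIB when firewall A dies
! behind the switch and traffic for 10.0.0.0/8 is black-holed.
!   ip route 10.0.0.0 255.0.0.0 192.0.2.2
!   ip route 10.0.0.0 255.0.0.0 192.0.2.3 150
!
! After: probe firewall A with ICMP echo every 5 seconds.
ip sla 1
 icmp-echo 192.0.2.2
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe result. The delay values dampen
! flapping: declare down after 10 s of failure, up after 30 s of success.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Remove the untracked primary, then re-add it bound to track 1.
no ip route 10.0.0.0 255.0.0.0 192.0.2.2
ip route 10.0.0.0 255.0.0.0 192.0.2.2 track 1
!
! The floating static (administrative distance 150) is unchanged and is
! installed only while the tracked route is withdrawn.
ip route 10.0.0.0 255.0.0.0 192.0.2.3 150
!
! Verification from exec mode:
!   show track 1
!   show ip sla statistics 1
!   show ip route static
```

Firewall A has to answer ICMP echo from the router's address for the probe to succeed, so its policy must permit that traffic. The probe only proves that firewall A's router-facing interface is reachable, not that it is forwarding to the networks behind it.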
