Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
3
Replies

How is it possible?

Go to solution
ugyentashi
Level 1
Level 1

‎08-30-2023 08:10 PM - last edited on ‎08-31-2023 02:20 AM by Community Manager

R2 is the border router of a company and is running simple eBGP with the outside world. It advertises its

103.7.116.0/24

into BGP.

R2 has a static route pointing towards the firewall for this

103.7.116.0/24

R2 is connected to the firewall with a

103.7.116.128/25 infra-network
R2 inside - 103.7.116.129/25

Fw-outside - 103.7.116.144/25

By logic we know that anything encompassing the

/25

subnet of this network, R2 will learn via connected and anything outside the

/25

but within the

/24

will be known via static (pointed towards the firewall).

The question here is when an outside user tries to communicate (here its is ping) to an address of

103.7.116.143

[which resides on the firewall as a host server], R2 should be learning this via the connected

103.7.116.128/25

So the communication to the right server on the firewall should fail, for the reason that it doesn't use the correct static route pointed to the actual server on the firewall.

How is it possible?

Labels:
Preview file
3 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Level 12
Level 12

‎08-30-2023 08:46 PM - last edited on ‎08-31-2023 02:21 AM by Community Manager

Hi @ugyentashi ,

Since 

103.7.116.143

is part of the directly connected subnet, R2 sends an ARP request for it and the FW replies with an ARP reply.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Harold Ritter
Level 12
Level 12

‎08-30-2023 08:46 PM - last edited on ‎08-31-2023 02:21 AM by Community Manager

Hi @ugyentashi ,

Since 

103.7.116.143

is part of the directly connected subnet, R2 sends an ARP request for it and the FW replies with an ARP reply.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
ugyentashi
Level 1
Level 1
In response to Harold Ritter

‎08-30-2023 10:39 PM - last edited on ‎08-31-2023 02:22 AM by Community Manager

That makes sense, thanks. Just one query, what if the

103.7.116.143

was available(through a static route) through another interface on R2? ARP request will go through connected but server is available through another. will this create an issue?

0 Helpful

Go to solution
Harold Ritter
Level 12
Level 12
In response to ugyentashi

‎08-31-2023 05:57 AM

Hi @ugyentashi ,

If 103.7.116.143 was reachable via a more specific static route, packet would be forwarded via the corresponding next hop, as more specific route would be preferred over the connected route.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card