if the wic has like 4-8-16 ports then is a switching module. If not then you are using the LAN interfaces

Hi

Where is the LAN ? how the systems are conncted in the LAN ..Diagram has routers and Firewall's..Do you have switches in the network ?

With Rgds,

Satish

The lan is on the other side of the firewall. But the question is why can't standby router ping the VIP ?

Why would it make a difference ?

not sure i understand

On which device you have configured Vlan 1 ?

Do you have any ip address on g0/0/0 the interface that connects the 2 routers? you will have to configure and ip address on both primary and secondary g0/0/0 interfaces and the VIP should be from same subnet. Then you will have to configure a route on the firewalls to point to the VIP. You can not configure the g0/0/3 and g0/0/0 on the same network...router will say that ip overlaps. I have created a set up similar as yours and I used subinterfaces on the routers but I had to create 5 subnets, one to each firewall, one between the routers, and 2, one from each router to Internet. It is just basic config for routers with static routing.

I have tested by shuting down serial interfae on Primary and Secondary becomes Primary, then open the interface on Primary and routers change roles again.

I will post the picture if you like

Eugen

Um  i use the vlan1 interface which binds together the interfaces so I only have to put an address on the vlan interface not all the interfaces

I don't want to use static routers. I have bgp installed and working.

i think we moving away from the the issue.

standby router can't ping the VIP. it can ping everything else.

Hi Alex,

I didn't suggest you to use static routes, I have used static routes in my simulation to try to understand what the problem is and how can be solved.

    On the routers you have, you can't setup an IP address to a vlan, like you do on the switch, unless the interfaces you mentioned (g0/0/0 -g0/0/3) are part of a switching module installed on the router.

     If your g0/0/0 interfaces between the two routers are up and up, then the problem could be with bgp peer configuration.

    If interfaces g0/0/0 are up on both routers but line protocol is down then your ping goes to the firewall first and you need to check if it allows pings on outside interface( i guess it is configured as an outside the one connecting to your secondary router).

   You can use an extended ping from seondary and record the hops it goes thru, then you will know for sure which way it goes out of router.

   One other suggestion is copy the running configurations from both routers, and if you have spare 2 routers connect them together like your topology, use loopback to simulate internet and firewalls and see if it works.

This is all I can suggest now based on the info you provided.

Good luck and hope that you will get to the bottom of it.

Eugen

hi

Thanks for that, I must have missed understood you in regards to the statics!.

I can understand what you are saying about the switch module and such and I believe it is a switch module.

unfortunately I don't any spare routers

extended ping ? i have specified a source interface vlan1

still no luck.

I am still not sure its a routing issue, casue I can ping the other addresses .253 and .250 ...

I will have some time to run some more tests next year (this weekend )

A