Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
0
Helpful
4
Replies

Floating static route through the Firewall

Gabriel Santini
Level 1
Level 1

‎01-28-2010 09:53 AM - edited ‎03-06-2019 09:29 AM

Hi to all. Sorry for my poor english.

I have a remote site (A) connected to a access router (B). The remote site(A) has a dedicate leased line to the access router (B) plus an ADSL backup (with a tunne GRE) to my VPN tunnel concentrator (C). All are running eigrp has dinamic protocol

The access router (B) is connected to a outside ethernet por on a Firewall (D). The inside port od the firewall (D) is connected to a core router (E). The Core router (E) is running eigrp.

In this Core router (E) i have a static route to de firewall (D) to reach the remote site (A). The problem is when de teased line between the access router (B) and the remote site (A) goes down, the Core router (E) never lost the static route, because the next hop of this router (in this case is the firewall (D) never goes down. This situation cause that the traffic never pass to the ADSL.

I know that are somthing to solve this problem, but I not remember how this is called.

Can anybody hel me?


Brgds

Labels:
0 Helpful
4 Replies 4

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎01-28-2010 10:04 AM 

Hi to all. Sorry for my poor english.
I
have a remote site (A) connected to a access router (B). The remote
site(A) has a dedicate leased line to the access router (B) plus an
ADSL backup (with a tunne GRE) to my VPN tunnel concentrator (C). All
are running eigrp has dinamic protocol
The
access router (B) is connected to a outside ethernet por on a Firewall
(D). The inside port od the firewall (D) is connected to a core router
(E). The Core router (E) is running eigrp.
In
this Core router (E) i have a static route to de firewall (D) to reach
the remote site (A). The problem is when de teased line between the
access router (B) and the remote site (A) goes down, the Core router
(E) never lost the static route, because the next hop of this router
(in this case is the firewall (D) never goes down. This situation cause
that the traffic never pass to the ADSL.
I know that are somthing to solve this problem, but I not remember how this is called.
Can anybody hel me?

Brgds

Hi,

As per the message i have few queries firewall is connected to both router (B) and VPN concetrator via common switch or just router (B) is only connected to firewall via outside port.

If the first option the you need to configure floating static route in firewall or static route tracking mechanism.

If option 2 the configuration needs to be done in router rather in firewall.

The static route tracking feature provides a method for tracking the availability of a static route and installing a backup route if the primary route should fail. This allows you to, for example, define a default route to an ISP gateway and a backup default route to a secondary ISP in case the primary ISP becomes unavailable.

See the below link hope that clears out your query !!

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1090243

Ganesh.H

0 Helpful

Gabriel Santini
Level 1
Level 1
In response to Ganesh Hariharan

‎01-28-2010 11:22 AM

Hi.

Thank you for the help. I will try to examine the best solution and aplly one of them.

Brgds

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎01-28-2010 10:07 AM 

g-santini wrote:
Hi to all. Sorry for my poor english.
I have a remote site (A) connected to a access router (B). The remote site(A) has a dedicate leased line to the access router (B) plus an ADSL backup (with a tunne GRE) to my VPN tunnel concentrator (C). All are running eigrp has dinamic protocol
The access router (B) is connected to a outside ethernet por on a Firewall (D). The inside port od the firewall (D) is connected to a core router (E). The Core router (E) is running eigrp.
In this Core router (E) i have a static route to de firewall (D) to reach the remote site (A). The problem is when de teased line between the access router (B) and the remote site (A) goes down, the Core router (E) never lost the static route, because the next hop of this router (in this case is the firewall (D) never goes down. This situation cause that the traffic never pass to the ADSL.
I know that are somthing to solve this problem, but I not remember how this is called.
Can anybody hel me?

Brgds

Gabriel

You need to use Reliable static routing with object tracking. Basically you would set up a ping to site A via the leased line using IP SLA. And if there was no response then you can use a different static route pointing to your ADSL link.

All this is done on the core router. See this link for details -

Reliable static routing

One question though. If you are running EIGRP then why do you have a static route on the core router. Is the firewall Cisco or some other vendor and if it is Cisco is it a pix or ASA and which version of code is it running.

Jon

0 Helpful

Gabriel Santini
Level 1
Level 1
In response to Jon Marshall

‎01-28-2010 11:21 AM

Hi Jon.

We use static routing to the firewall because we don't want to use any dynamic routing than EIGRP, and the NOKIA FW do not support this dynamic routing protocol.

Thank you for the response. I will examine the recomendation for object tracking

Brgds

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card