10-04-2010 09:36 PM - edited 03-06-2019 01:19 PM
Here is my setup.
Local Office----> WAN Links---->Remote DC-> Firewall -----Internet link.
At Remote DC we have Windows systems, cisco switches/routers/VPN concentrator, AS400 systems, Checkpoint Firewall,
load balancers, Bluecoat proxy etc.
Sometimes some of the devices at remote DC are not accessible.
For example, there is a client at local office with the IP 10.0.0.10 and a remote server 20.0.0.20 (remote DC).
Sometimes from 10.0.0.10, I am unable to ping 20.0.0.20.
The tracert to 20.0.0.20 reaches the routers of remote DC.
During this time, I inspected the routing table on 20.0.0.20 and I found one route specific to 10.0.0.10 pointing to internet firewall as the path, which is wrong.
These symptoms are found on Windows/AS400/Bluecoat devices.
How can I track the device which is injecting these routes? Is it because of ICMP redirect?
10-08-2010 10:38 AM
It could be an ICMP redirect. To determine if this is the case try this command:
show ip redirects
It could also be a 'loose' NAT configuration on the firewall. I've seen firewalls proxy-arp for addresses that don't belong to it based on an overreaching NAT configuration.
Chris
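To answer the "which device is injecting these routes" part from a packet capture taken on the affected server, the following is an added example (not part of the original posts) that decodes an ICMP redirect and reports the sending router, the new gateway and the destination the host route is created for. The addresses 20.0.0.1 (the server's default gateway) and 20.0.0.254 (the firewall) are assumptions; the thread does not give them.

```python
import socket
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-padded byte string."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, used only to construct the sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_redirect(packet: bytes):
    """Decode a raw IPv4 packet; return redirect details or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need ICMP (protocol 1), 8 bytes of ICMP header and the embedded IP header
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 5:                       # type 5 = redirect
        return None
    inner = icmp[8:]                       # header of the packet that triggered it
    return {
        "sent_by": socket.inet_ntoa(packet[12:16]),   # device issuing the redirect
        "sent_to": socket.inet_ntoa(packet[16:20]),   # host whose table changes
        "scope": REDIRECT_CODES.get(icmp[1], "unknown"),
        "new_gateway": socket.inet_ntoa(icmp[4:8]),   # next hop the host will use
        "route_for": socket.inet_ntoa(inner[16:20]),  # destination of the new route
        "checksum_ok": checksum(icmp) == 0,
    }

def build_sample() -> bytes:
    """Constructed redirect: 20.0.0.1 tells 20.0.0.20 to reach 10.0.0.10 via 20.0.0.254."""
    inner = ipv4_header("20.0.0.20", "10.0.0.10", 1, 8) + b"\x08\x00" + b"\x00" * 6
    body = struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("20.0.0.254")) + inner
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header("20.0.0.1", "20.0.0.20", 1, len(body)) + body
```

The `sent_by` field is the outer source address, so it names the router that issued the redirect; a capture filter such as `icmp[icmptype] == icmp-redirect` in tcpdump limits the capture to these packets.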
10-11-2010 05:12 PM
Yes, confirmed it is due to icmp-redirect.