Hello Dan,
Thanks for ur reply
This is the only option what i see and also from design point of view the 2
PE's and firewall should be in 1 subnet for active standby failover of
firewall.
Just now i spoke to customer he has find a different solution:
From each firewall he is connecting 2 links which are terminating on his
firewall-switch,which is between PE and firewall and from firewall-switch
the link is coming to my PE routers and also he has configured IP SLA ,
tracking to my preferred interface
Dist-1/PE-1 (10.28.50.32/29) whenever the preferred interface goes down
firewall-1 will start sending traffic on my 2nd subnet
Dist-2/PE-2,with the source IP of 2nd subnet.
Is it will work,????????????????? I have only basic knowledge of firewall. i
have a dou't
Can anybody make things clear for me.
Thanks
On Sun, Jan 10, 2010 at 6:23 PM, Dan Shechter <danshtr_at_gmail.com> wrote:
> why can't you have the same IP address on both PE_CE links?
>
> Best regards,
> Dan #13685 (RS/Sec/SP)
> Troubleshooting blog: http://dans-net.com
>
>
>
> On Sat, Jan 9, 2010 at 4:04 PM, andy thomas <thomasandy32_at_gmail.com>wrote:
>
>> Hello
>>
>> Diagram:
>> ISP-1 ISP-1
>> |
>> |
>> |
>> |
>> CORE-1-------------CORE-2
>> |
>> |
>> |
>> |
>> |
>> |
>> PE-2 PE-1
>> 10.28.40.41/29 | |
>> 10.28.40.33/29
>> |
>> |
>> .42 | |
>> .34
>> firewall-2
>> firewall-1
>> |
>> |
>> |
>> |
>>
>> ----------------------------------
>> |
>> WEB SERVER (10.10.10.1)
>>
>> I want to route traffic to web server I'm using static routes pointing to
>> a
>> respective next-hop on a particular router,the devices on customer end
>> firewall is ASA, customer has asked for the preferred interface from
>> firewall-1, i have configured that by increasing the local preference of
>> the
>> route
>>
>> The link between the distribution switches and the core is MPLS and the
>> customer is configured in the VRF.
>>
>> Now the issue is:
>>
>> customer says that when the firewall-1 fails firewall-2 will be active by
>> the same inside interface IP of firewall-1, if it so then all the traffic
>> destined to web server from PE-2 to a next-hop 10.28.40.42 will drop,so in
>> this situation what techniques we shld apply,The subnet between the 2
>> firewall are different.
>>
>>
>> Any link or configuration example which will help me.
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Jan 10 2010 - 18:54:16 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART