Wednesday, March 11, 2020

Routing loop? - Firewall interface?

Hi,

I have the following config:

router ospf 1
 router-id 10.22.1.65
ip route 0.0.0.0 0.0.0.0 Loopback1
ip route 10.22.8.0 255.255.255.0 10.22.1.250
ip route 10.22.14.0 255.255.255.0 10.22.1.254
ip route 10.22.15.0 255.255.255.0 10.22.1.254
ip route 192.168.103.0 255.255.255.0 10.22.1.250
ip route 192.168.104.0 255.255.255.0 10.22.1.254
ip route 212.50.160.56 255.255.255.255 10.22.1.3

If you trace the connection to something in the 10.22.14.0/24 network, you get this

Tracing the route to 10.22.14.9
  1  *  *  *
  2 10.22.1.253 0 msec 0 msec 8 msec
  3  *  *  *
  4 10.22.1.253 0 msec 0 msec 0 msec
  5  *  *  *
  6

(And it keeps going like that)

The 10.22.1.253 address is the SVI of a VLAN

interface Vlan810
 description SVI:: IDC - FW01 Linknet
 ip address 10.22.1.253 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
end

I've done this from our core switch

From Windows, I logged onto a machine with an IP of 10.22.13.1 and got this (similar, basically)

C:\Users\Administrator>tracert 10.22.14.9

Tracing route to 10.22.14.9 over a maximum of 30 hops

  1    <1 ms     3 ms     1 ms  10.22.13.254
  2    <1 ms     1 ms     1 ms  10.22.1.1
  3     *        *        *     Request timed out.
  4     2 ms     1 ms     1 ms  10.22.1.249
  5     *        *        *     Request timed out.
  6     2 ms     1 ms     1 ms  10.22.1.253
  7     *        *        *     Request timed out.
  8     1 ms     1 ms     1 ms  10.22.1.253
  9     *        *        *     Request timed out.
 10     4 ms     1 ms     1 ms  10.22.1.253
 11     *        *        *     Request timed out.
 12     3 ms     2 ms     2 ms  10.22.1.253
 13     *        *        *     Request timed out.
 14     1 ms     3 ms     2 ms  10.22.1.253
 15     *        *        *     Request timed out.
 16     1 ms     2 ms     1 ms  10.22.1.253
 17     *        *        *     Request timed out.
 18     1 ms     2 ms     2 ms  10.22.1.253
 19     *        *        *     Request timed out.
 20     2 ms     1 ms     1 ms  10.22.1.253
 21     *        *

I'm not sure how this can be fixed? It does have the

ip route 10.22.14.0 255.255.255.0 10.22.1.254 

route

sh ip route shows this:

gb-bfd-idc-cor-01#sh ip route | i 10.22.1.254
S    192.168.104.0/24 [1/0] via 10.22.1.254
S    10.22.14.0/24 [1/0] via 10.22.1.254
S    10.22.15.0/24 [1/0] via 10.22.1.254
gb-bfd-idc-cor-01#

The firewall's IP is 10.22.1.254, not 10.22.1.253

Our current core setup is this:
https://ibb.co/0QZCJ8m


