On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <bret@getjive.com> wrote:
I am using OSPFv2 between the CERs and the Firewalls. Failover works just fine, however when I fail an OSPF link that has the active default route, ingress traffic still routes fine and dandy, but egress traffic doesn't. Both Netiron's OSPF are set up to advertise they are the default route.
Hi Bret, I have a setup that is almost identical except there is a pair of simple switches between the routers and firewalls interconnecting all into a LAN and I'm working with Cisco 2811's instead of Netiron CERs. Can you expand on the interface addressing and what the firewalls see via OSPF during your failure scenario?
What I'm wondering is if OSPF is the right solution for this. How do others solve this problem?
My failover firewall also connects to the switches (inside and out) and turns down ports which connect to the primary firewall. During a failure, the primary can't be depended on to completely take itself out of line. If it was in a working state that could be depended on, it wouldn't have failed.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004