Re: Antwort: Re: Cisco HSRP behavior

From: balaji.balakrishnan (balaji.balakrishnan@swift.com)
Date: Fri Jan 30 2004 - 11:47:23 GMT-3

• Next message: nettable_walker@comcast.net: "ISDN question"
• Previous message: balaji.balakrishnan: "Re: Cisco HSRP behavior"
• Maybe in reply to: balaji.balakrishnan: "Re: Antwort: Re: Cisco HSRP behavior"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Our Netscreen firewall populate the session based on incoming IP and MAC .
Using Bia, it works fine till Primary router fails for some reason and there is a hsrp switchover. Now all the packets comes with
physcial MAC of other router. Firewall fails to match in those with its session table and drops. It works only after the
application re-establishes ( new TCP Sync) through the other router.

- Bala.

Arvind Yadav wrote:

> Balaji
>
> If you use bia, in that case hsrp will use the physical mac address in place
> of virtual mac. This will solve FW problem.
>
> Arvind
>
> ----- Original Message -----
> From: "balaji.balakrishnan" <balaji.balakrishnan@swift.com>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, January 29, 2004 4:19 PM
> Subject: Re: Antwort: Re: Cisco HSRP behavior
>
> > "balaji.balakrishnan" wrote:
> >
> > > This causing real problem. Also even I send the traffic to its HSRP IP
> ( like telnet) , the reply comes back with its physical MAC
> > > that causes problem with our firewall which expecting reply from same
> mac address to which it sends traffic.
> > >
> > > Any other solution in Cisco ??? what is mean by Gateway loadbalancing
> protocol
> > >
> > > - Bala.
> > >
> > > sascha.lemberg@degussa.com wrote:
> > >
> > > > There is no solution with HSRP, i guess.
> > > >
> > > > Whats about Gateway loadbalancing protocol ? This will use a virtal
> > > > Mac-address.
> > > >
> > > > Mit freundlichen Gr|_en / Best regards
> > > >
> > > > Sascha Lemberg
> > > >
> > > > its.on
> > > > Global Network Services
> > > > T +49.(0)69 218 5663
> > > > E-Mail: sascha.lemberg@degussa.com
> > > >
> > > >
> > > > "balaji.balakrishnan
> > > > " An: kasturi
> cisco <kasturi_cisco@hotmail.com>, ccielab@groupstudy.com
> > > > <balaji.balakrishnan Kopie:
> > > > @swift.com> Thema: Re: Cisco
> HSRP behavior
> > > > Gesendet von:
> > > > nobody@groupstudy.co
> > > > m
> > > >
> > > >
> > > > 29.01.2004 20:34
> > > > Bitte antworten an
> > > > "balaji.balakrishnan
> > > > "
> > > >
> > > >
> > > >
> > > > Hi Kasturi,
> > > >
> > > > Was my question not clear ??? I am not talking about bia . My
> question
> > > > was
> > > >
> > > > >>When a Cisco router pair running HSRP between them forwards the
> traffic,
> > > > it uses physical MAC address of the active HSRP router.
> > > >
> > > > Is it possible to configure the router to use HSRP MAC instead of the
> > > > physical MAC. <<<
> > > >
> > > > Even if you use Bia or not, all the packet forwarded by a active
> hsrp
> > > > router across its interface where it is running HSRP would
> > > > use its physical MAC. My question is how to change that behavior so
> that
> > > > it will use HSRP MAC .
> > > >
> > > > - Bala.
> > > >
> > > > kasturi cisco wrote:
> > > >
> > > > > Have u tried to use the bia command.Good Luck,
> > > > > Kasturi.
> > > > >
> > > > >
> > > > >
> > >
> > --------------------------------------------------------------------------
> ---------------------------------------------------------
> > > >
> > > > > NRIs, Free Money transfer to India. Click here.
> > > >
> > > > [GroupStudy removed an attachment of type
> application/x-pkcs7-signature
> > > > which had a name of smime.p7s]
> > > >
> > > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> > [GroupStudy removed an attachment of type application/x-pkcs7-signature
> which had a name of smime.p7s]
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

[GroupStudy removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]

• Next message: nettable_walker@comcast.net: "ISDN question"
• Previous message: balaji.balakrishnan: "Re: Cisco HSRP behavior"
• Maybe in reply to: balaji.balakrishnan: "Re: Antwort: Re: Cisco HSRP behavior"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:52 GMT-3