03-18-2009 07:19 AM
Multiple Routes on 5412zl Router/Switches? Argh!
Afternoon all,
We have recently had a completely new infrastructure put in place at our offices which myself and another colleague are maintaining.
Equipment-wise, it is all 5412zl and 3500yl switches running 10gbit fiber everywhere round the building.
We have multiple VLANs and two core (5412zl's) switches performing all the routing.
We have a default route of 0.0.0.0/0 set to point to our existing firewall but I have come upon a problem with regards to moving onto our new internet line and associated firewall.
Basically, I need to know whether it is possible to specify more than one route for 0.0.0.0/0 traffic for incoming requests (internet-side) so I can seamlessly migrate our external services. Obviously, I cannot perform this easily without this as the core switches' 'Default Gateway' is set to our old firewall and ports forwarded from the new firewall do not reach their destination through the core switches until the default route on the core switches is changed.
Does anyone know if there is a way round this? Ideally, we'd like to configure an additional route out on the core switches (which would allow port-forwarded requests from both firewalls to reach all VLANs), which will probably be on a temporary basis but would be even better if we could retain the setting to allow a rudimentary fail-over solution should one of the internet connections go down.
Both old and new firewalls reside on the same VLAN range and they are due to be replaced soon for a more enterprise-standard firewall solution as they are pretty basic affairs and not suited to our business requirements. Until that time I could do with having them running at their full potential...
All VLAN machines have their Default Gateway set to the appropriate VLAN's gateway (i.e. 192.168.2.254 for 192.168.2.0/24). If the default gateway is changed to the firewall address then it all works fine as expected but we can't afford to do this in our VLAN routed environment now...
Any ideas?
Many thanks,
James.
03-19-2009 02:00 AM
Re: Multiple Routes on 5412zl Router/Switches? Argh!
I'm not sure I understand your setup correctly.
You got a network with two firewalls each with its own internet connection?
Or you got two networks with each a firewall and an internet connection?
Basically it's not possible to have two default routes from the internet-side to your network.
But as you mention "internet" I assume you use NAT to public addresses?
If so you can enable/disable selective addresses on the firewall you want to use incoming for a service.
So only the firewall with the public NAT-address enabled will listen on the internet-side to a specific address and pass the packets to the local network.
You cannot use one FW incoming and other FW outgoing for same session.
So the hosts that are destination of these packets must be configured to use the same firewall for outgoing packets.
03-19-2009 02:26 AM
Re: Multiple Routes on 5412zl Router/Switches? Argh!
Thanks for your reply. Funnily enough, looking through the manual after I wrote this post suggested as you have, that only one external IP route can be added. I suppose in a bigger environment I may have another hop in the equation, but hey....
Anyhow, I have figured this out and used one firewall for both internet connections now and got a load-balancing/failover solution working nicely with a proper DMZ too. Turns out our rubbish firewall has a provision for 4 WAN connections so the problem has now gone away.
Many thanks for your input.