Inter Vlan routing

Unanswered Question
Mar 28th, 2008

Hi

I have a network which is not very complicated. As in the attached diagram, I have 2 ISPs coming into my network terminated on 2 Adtran routers. There is no load balancing configured due to hardware limitations. There are few VLANs configured on Adtran R1 (vlan 30) and few on Adtran R2 (vlan 40). I need intervlan routing between the 2 routers. The traffic from the vlans should pass through their respectives ISPs to utilize the bandwidth from both ISPs. Servers are directly connected to the Adtran routers (it is also a 24 port switch with firewall in it)

R1 - 10.10.10.1

Vlan 30 - 10.10.30.1

server1 in vlan 30 - 10.10.30.10 has DG - 10.10.30.1

vlan 30 traffic should go through ISP1

R2 - 10.10.10.2

Vlan 40 - 10.10.40.1

server2 in vlan 30 - 10.10.40.10 has DG - 10.10.40.1

vlan 40 traffic should go through ISP2

I came to know the intervlan routing will not work in this scenario with the current code and the hardware and the reason as below

"Basically, when one router sends out an ICMP request to the other router, it makes it through the firewall just fine and get to the other side.

When the other server responds, it's sending its response to the second router. The router sees an ICMP response, but does not have any record in its firewall of an ICMP request. Since this activity can be indicative of an attack, it drops the packet"

I can ping the DG (10.10.40.1) from the server1 but cannot ping the server2 and viceversa.

So I am planning to replace atleast 1 Adtran unit (probably R2) with a Cisco 1700 unit with a switch behind and wanted to know if I come across the same problem?

Is there any other best way to set this up?

Please advise, Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Fri, 03/28/2008 - 12:45

Purchase a 3560 switch and configure Vlan30 and Vlan40 on it.

That should get you wiring speed inter-vlan routing.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_40_se/configuration/guide/swiprout.html#wp1034984

Note.- You don't need to configure a dynamic routing protocol for Vlan30 and Vlan40 inter-vlan routing. Routes will appear as connected in the switch routing table. All you need to do is enable ip routing and configure the Switch Virtual Interface with its respective IP Address.

HTH,

__

Edison.

techtips03 Fri, 03/28/2008 - 13:35

Hi Edison

Thanks for the reply. I know this works if I use different switches and the routers without any routing. Unfortunately I do not have budget to buy the new equipment and trying to use the existing 1700 router.

Thanks

Actions

This Discussion