04-03-2009 07:45 AM - edited 03-04-2019 04:13 AM
Hello everyone, I have a question and maybe someone can shed some light on it. Why would you want to have an ip route statement from your DMZ switch like the following:
ip route ISP_internetrouter_loopbackinterface 255.255.255.255 ISP_fastethernet0/1
I don't understand the purpose of it. The way I see it is, if you want to go to the loopback interface, go through the fa of the same router. Why?
Thank you for any input on this!!!
Cheers!
04-03-2009 09:13 AM
Agree it's not obvious and bear in mind it could have been added to try and get something working, the route made no difference and then the person forgot to remove it.
It's not clear what the topology is, i.e. your DMZ switch should only be able to get to the firewall interface, not the ISP router, or you run the risk of bypassing the firewall, unless of course you are using DMZ in its technically correct terminology, which is the subnet between the outside of your firewall and the inside of the ISP router?
Perhaps the ISP manages this switch from the loopback and they didn't want to advertise the loopback into OSPF so they used a static route.
Perhaps if you could clarify your topology. Is the DMZ connected directly to the ISP router and are they OSPF neighbors?
Jon
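The firewall-bypass concern raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it lists static routes in a saved config whose next hop is not the firewall. The sample config, the addresses (documentation ranges) and the firewall next hop 192.0.2.1 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of a DMZ switch config (not from the thread).
SAMPLE_CONFIG = """\
hostname dmz-sw1
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 203.0.113.254 255.255.255.255 198.51.100.2
ip route 10.20.0.0 255.255.0.0 192.0.2.1
ip route 203.0.113.77 255.255.255.255 FastEthernet0/1
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
"""

# Matches "ip route <prefix> <mask> <next-hop or exit interface>"
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.MULTILINE)


def parse_static_routes(config):
    """Return (network, next_hop) for every parseable static route line."""
    routes = []
    for prefix, mask, next_hop in ROUTE_RE.findall(config):
        try:
            net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        except ValueError:
            continue  # placeholder names, "vrf" forms, etc. are skipped
        routes.append((net, next_hop))
    return routes


def routes_bypassing_firewall(config, firewall_next_hops):
    """Static routes that leave via anything other than the firewall.

    Each finding is (prefix, next_hop, is_host_route); a /32 towards a
    non-firewall hop is the pattern discussed in this thread.
    """
    findings = []
    for net, next_hop in parse_static_routes(config):
        if next_hop not in firewall_next_hops:
            findings.append((str(net), next_hop, net.prefixlen == 32))
    return findings


if __name__ == "__main__":
    for prefix, hop, host in routes_bypassing_firewall(SAMPLE_CONFIG, {"192.0.2.1"}):
        print(f"{prefix} via {hop} (host route: {host})")
```
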
04-03-2009 07:55 AM
Hi,
Is the DMZ switch running BGP? It's normal to have a static route pointing to a BGP peer's loopback in order to bring up a BGP session (if update source has been set to loopback).
Regards
04-03-2009 07:59 AM
no, the DMZ switch is running OSPF 1 -