06-17-2010 04:35 AM - edited 03-04-2019 08:48 AM
We have a Cisco 3700 router that has been working for years using the default route 'route ip 0.0.0.0 0.0.0.0 F0/0'. Strangely, our connection(in/out) suddenly dropped and the only solution that worked was to set the default route to 'route ip 0.0.0.0 0.0.0.0 1.1.1.99'.
ISP's provided gateway 1.1.1.99
F0/0 - 1.1.1.100
F0/1 - 2.2.2.100
Any idea what happened?
Thanks
06-17-2010 05:58 AM
Hello Emmanuel,
the provider has disabled proxy ARP on its interface for security reasons
note that the right configuration is the new one in order to minimize ARP table size.
With Proxy ARP an ARP request was made for all new destination addresses to the internet, with ISP router that collaborated giving back in answer its MAC adddress (the same answer for each request)
With new configuration the router makes an ARP request for the next-hop and uses it for all IP addresses
Some other colleague had routers crashed by the ARP table becoming too big you have been lucky to run the router for years
see
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml
Hope to help
Giuseppe
06-18-2010 12:22 AM
Thank you for the very informative response Giuseppe.
Here is another :-)
Will it make a difference if I set the default route of our firewall directly to our ISP? See example below.
Current setup.
Inbound: ISP(1.1.1.99) --> (F0/0 1.1.1.100)Router(F0/1 2.2.2.100) --> (Out 2.2.2.99)Firewall(In 3.3.3.99) --> LAN(3.3.3.0)
Outbound: LAN --> Firewall --> Router --> ISP
Router's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99
Firewall's default route set to route 0.0.0.0 0.0.0.0 2.2.2.100
New.
Inbound: ISP(1.1.1.99) --> (F0/0 1.1.1.100)Router(F0/1 2.2.2.100) --> (Out 2.2.2.99)Firewall(In 3.3.3.99) --> LAN(3.3.3.0)
Outbound: LAN --> Firewall --> ISP
Router's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99
Firewall's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99
Again thanks for the answer.
Manny
06-18-2010 02:07 AM
I have some doubts about the New Setup.
Because, Like to know that if the Firewall can reach the ISP by-passing the Router.
I think it'll be the same, because the all the traffic is going out through the Router to ISP
Regards,
Dasuntha
06-19-2010 06:17 AM
Yes it can reach our ISP.
06-19-2010 06:22 AM
So, Firewall is reaching the ISP through the Router?
You can check it by running a traceroute.
06-20-2010 05:28 PM
traceroute shows both goes through the router. so i guess it makes no difference.
06-21-2010 08:50 PM
yes, correct.
It'll be the same.
Regards,
Dasuntha
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: