I have a network which is not very complicated. As in the attached diagram, I have 2 ISPs coming into my network, terminated on 2 Adtran routers. There is no load balancing configured due to hardware limitations. There are a few VLANs configured on Adtran R1 (vlan 30) and a few on Adtran R2 (vlan 40). I need inter-VLAN routing between the 2 routers. The traffic from the VLANs should pass through their respective ISPs to utilize the bandwidth from both ISPs. Servers are directly connected to the Adtran routers (each is also a 24-port switch with a firewall in it).
R1 - 10.10.10.1
Vlan 30 - 10.10.30.1
server1 in vlan 30 - 10.10.30.10 has DG - 10.10.30.1
vlan 30 traffic should go through ISP1
R2 - 10.10.10.2
Vlan 40 - 10.10.40.1
server2 in vlan 30 - 10.10.40.10 has DG - 10.10.40.1
vlan 40 traffic should go through ISP2
I came to know that inter-VLAN routing will not work in this scenario with the current code and hardware, for the reason below:
"Basically, when one router sends out an ICMP request to the other router, it makes it through the firewall just fine and gets to the other side.
When the other server responds, it's sending its response to the second router. The router sees an ICMP response, but does not have any record in its firewall of an ICMP request. Since this activity can be indicative of an attack, it drops the packet."
I can ping the DG (10.10.40.1) from server1 but cannot ping server2, and vice versa.
So I am planning to replace at least 1 Adtran unit (probably R2) with a Cisco 1700 unit with a switch behind it, and wanted to know if I will come across the same problem?
Note: You don't need to configure a dynamic routing protocol for Vlan30 and Vlan40 inter-VLAN routing. Routes will appear as connected in the switch routing table. All you need to do is enable ip routing and configure the Switch Virtual Interface with its respective IP address.
Thanks for the reply. I know this works if I use different switches and the routers without any routing. Unfortunately I do not have the budget to buy new equipment and am trying to use the existing 1700 router.