05-03-2007 06:10 AM - edited 03-03-2019 04:48 PM
Dual Cisco2821's with Dual ISA Servers on a DMZ.
ISA uses virtual IP's. Want redundant Static NAT's thru single virtual from ISA but on BOTH Cisco2821's for fail-over.
Get duplicate IP in logs.
Suggestions/Experience??
05-09-2007 07:05 AM
The error messages do not necessarily indicate an HSRP problem. Rather, the error messages indicate a possible Spanning Tree Protocol (STP) loop or router/switch configuration issue. The error messages are just symptoms of another problem.
Kindly send the error messages logged for an accurate analysis.
05-09-2007 08:46 AM
Are you using Microsoft NIC teaming?
Router configs?
05-09-2007 02:01 PM
Dual ISA Boxes using NLBS into DMZ on Cisco2821's.
Using HWIC-4ESW's in each 2821.
2 ports for HSRP and ISA DMZ
2 ports for HSRP and Internet Access
I have static NAT with 3 x IP's (using SNAT as per TAC).
The three static NAT IP's start showing up as duplicate IP's on both the Cisco2821 logs.
Thanks,
Bob
05-09-2007 02:12 PM
Hi,
I would need to see both router configs and how they are connected :)
05-09-2007 05:03 PM
Here is a Visio plus the 2 x configs.
** Please keep confidential **
Thanks,
Bob
Log file
Log Buffer (20000 bytes):
*May 9 17:35:31.691: %IP-4-DUPADDR: Duplicate address 69.46.102.124 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:36:01.691: %IP-4-DUPADDR: Duplicate address 69.46.102.124 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:45:01.714: %IP-4-DUPADDR: Duplicate address 69.46.102.123 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:48:31.724: %IP-4-DUPADDR: Duplicate address 69.46.102.126 on Vlan5, sourced by 001b.533b.0ec0
05-10-2007 01:39 PM
Hi,
Unfortunately I cannot visualize the Visio file.
Anyway, the thing is that you cannot have the same public address configured on both routers for the same sources. Even if HSRP is supposed to get traffic to one router only at a time, packets can be sent from ISA to the other router too, ARP propagates and the conflict is detected. It may work fine and you can live with the error log, but I would recommend that you check your NIC teaming to work in bridge mode to the router / switches, so that one link is kept down all the time.
That should make packets go to one router only - the HSRP active.
Hope this helps, please rate post if it does!
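A way to triage the `%IP-4-DUPADDR` lines posted earlier in the thread, added here as an example that is not from any poster: it groups the conflicts by interface and source MAC and reports any source that collides on every static NAT address. The function names are hypothetical, and treating the three logged addresses as the three static NAT IPs is an assumption taken from the thread's description.

```python
import re
from collections import defaultdict

# Log lines copied from the thread above.
SAMPLE_LOG = """\
*May 9 17:35:31.691: %IP-4-DUPADDR: Duplicate address 69.46.102.124 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:36:01.691: %IP-4-DUPADDR: Duplicate address 69.46.102.124 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:45:01.714: %IP-4-DUPADDR: Duplicate address 69.46.102.123 on Vlan5, sourced by 001b.533b.0ec0
*May 9 17:48:31.724: %IP-4-DUPADDR: Duplicate address 69.46.102.126 on Vlan5, sourced by 001b.533b.0ec0
"""

# Assumption: these are the three static NAT addresses mentioned in the thread.
STATIC_NAT_ADDRESSES = ["69.46.102.123", "69.46.102.124", "69.46.102.126"]

DUPADDR = re.compile(
    r"%IP-4-DUPADDR: Duplicate address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"on (?P<intf>[^,\s]+), sourced by "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})",
    re.IGNORECASE,
)


def summarize_dupaddr(log_text):
    """Count duplicate-address events per (interface, source MAC) and address."""
    by_source = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = DUPADDR.search(line)
        if m:  # ignore unrelated log lines
            by_source[(m["intf"], m["mac"].lower())][m["ip"]] += 1
    return {src: dict(ips) for src, ips in by_source.items()}


def sources_covering(summary, nat_addresses):
    """Return sources that conflict on every listed static NAT address.

    One MAC colliding on all of them fits the reply's explanation (the same
    addresses configured on a second device); confirming which device owns
    that MAC is a separate check on the routers themselves.
    """
    wanted = set(nat_addresses)
    return [src for src, ips in summary.items() if wanted <= set(ips)]


if __name__ == "__main__":
    summary = summarize_dupaddr(SAMPLE_LOG)
    for (intf, mac), ips in summary.items():
        print(intf, mac, ips)
    print("covers all static NAT IPs:", sources_covering(summary, STATIC_NAT_ADDRESSES))
```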