Dear All,

Let me brief the whole scenario :

There two locations with two Internet link from one ISP.

Both are sending default Route via BGP.

From CE router two part of /24 segments are advertising with different AS-Prepend to get priority at vice- a -versa fashion.

From CE router for specfic half part (/24 segment ), static router is there pointing to respective Firewall. and from Firewall Default route to respective standby IP address.

At both location same configuration is there with different IP address.

Let me talk about 1st location.

• Router LAN interface , Firewall connectivity to other location switch all are in the same Vlan.
  
• Router is getting Default Internet route from ISP using BGP.
  
• Static route for /24 Internet segment is pointign to Firewall External IP address.
  
• Firewall is pointing to Internet Router with Default router that isstandby IP address.
  
• Firewall External IP address is with /24 subnetmask. (1st Half part)
  
• Setup is working perfectly but for establishing the redundancy using HSRP, we have configured HSRP on Router LAN interface and chaged the subnet mask of LAN interface to /23 which is previously /24.
  

Issue We are facing :

1. When subnetmask changed to /23 for Router LAN interface and HSRP configured (Physical IP address was changed with new one and existing Physical IP address was used for standby (HSRP) IP address so that I need not to change Firewall Default Route but after that i am unable to ping Firewall external IP address, new standby interface Ip address and Lan interface Physical IP address.

2. Even I can not ping Firewall ip address from Router with so = Lan interface of router.

3. I can not ping the ROuter Physical IP address and Standby Ip address from Firewall also.

We have tried the same post clearing arp also.

We have tried after chaning the subnetmask of firewall external IP address with /23 subnet mask.

Configuration :

Location A

Internet Router

interface GigabitEthernet0/0

description *** Inside Interface of Internet Router ***

ip address 11.11.11.3 255.255.254.0

standby 5 ip 11.11.11.1

standby 5 priority 150

ip route 11.11.11.0 255.255.255.0 11.11.11.2

Cisco ASA Firewall :

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address 11.11.11.2 255.255.255.0 standby 11.11.11.4

route Outside 0.0.0.0 0.0.0.0 11.11.11.1 1

Can any one look in too what is any issue?

Hi,

I'm missing the point why are you changing the subnet masks (your original diagram is even showing a 255.255.255.254 mask?)?

But as you say "When subnetmask changed to /23 for Router LAN interface and HSRP configured (Physical IP address was changed with new one and existing Physical IP address was used for standby (HSRP) IP address ...",

are you sure the ARP cache on the FW was really cleared?

Can you check the ARP entries on both your router and FW?

FWs sometimes don't reply to Pings on their external interfaces.

Are the users also not able to connect to the Internet from your Location A or is it just router/FW not replying to Pings?

Best regards,

Milan

Dear All,

Latest update :

While drilled down the issue, I have found that when  I am adding static route 11.11.11.0 255.255.255.0 11.11.11.2 on Router , the ping is stopped between Router and Firewall.

In ROuting Table of Router :

one Statioc route : 11.11.11.0 255.255.255.0 11.11.11.2 (Firewall External IP address)

one Directly connected route : 11.11.11.0 255.255.254.0 11.11.11.2 (Firewall External IP address)

On Firewall :

route : 0.0.0.0 0.0.0.0 11.11.11.1 (standby ip address of Router LAN side).

Please suggest where is the issue.

Regards