Hi all,

Have a question. We have a firewall that is participating in OSPF with two cores (S4's). The firewall has a dmz port C, port A is connected to a port on Core1, port B is connected to Core2. The user vlan is connected to both cores with VRRP running.

When initiating an SSH session to a dmz server we see the SSH request come into port A of the firewall, which is the shortest path from user to server. The response will intermittently come out of port B of the firewall. The path cost from the server back to the user is equal cost.

We are experiencing intermittent connectivity issues to these servers behind the firewall, not only SSH. Nowhere else on the network are we having issues when the errors occur. So far today, with port B of the firewall disconnected, we have not seen an issue. If we elevate the path cost on one link then all returning traffic will use that exit port, but then we will lose our attempt to load balance by creating multiple return paths.

My question(s):

1) Shouldn't the fw send the response out the same port (A) that the request came in on?
2) Eventually we wanted to use vrrp to load balance traffic across the cores, which would mean that server requests would come into both port A and B of the firewall. We would like the firewall to adhere to that load balancing by returning traffic back on the same link. Is there a way to force this using OSPF?
3) Is there another answer for doing this?

Thanks in advance,
walt
