On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <[email protected]> wrote:
> I am using OSPFv2 between the CERs and the Firewalls.
> Failover works just fine, however when I fail an OSPF link
> that has the active default route, ingress traffic still routes
> fine and dandy, but egress traffic doesn't. Both Netiron's
> OSPF are setup to advertise they are the default route.

Hi Bret,

I have a setup that is almost identical except there is a pair of simple switches between the routers and firewalls interconnecting all into a LAN and I'm working with Cisco 2811's instead of Netiron CERs. Can you expand on the interface addressing and what the firewalls see via OSPF during your failure scenario?

> What I'm wondering is, if OSPF is the right solution for
> this. How do others solve this problem?

My failover firewall also connects to the switches (inside and out) and turns down ports which connect to the primary firewall. During a failure, the primary can't be depended on to completely take itself out of line. If it was in a working state that could be depended on, it wouldn't have failed.

Regards,
Bill Herrin

--
William D. Herrin ................ [email protected] [email protected]
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

