Netscreen 208's active/active cluster

esexon1 (IS/IT--Management)
26 Aug 04 18:45
I have set up an active/active cluster using Netscreen 208's running os.5.0.0r8.0

The netscreen is configured as follows:
ethernet1 0.0.0.0/0 Untrust Layer3 active
ethernet2 0.0.0.0/0 Untrust Layer3 active
ethernet3 0.0.0.0/0 Trust Layer3 active
ethernet4 0.0.0.0/0 Trust Layer3 active
ethernet5 0.0.0.0/0 DMZ Layer3 active
ethernet6 0.0.0.0/0 DMZ Layer3 active
ethernet7 0.0.0.0/0 HA Layer3 up
ethernet8 0.0.0.0/0 Null Unused down

redundant1 x.x.x.x/26 Untrust Redundant active
redundant1:1 x.x.x.x/26 Untrust Redundant inactive
redundant2 192.168.168.1/24 Trust Redundant active
redundant2:1 192.168.168.2/24 Trust Redundant inactive
redundant3 192.168.169.1/24 DMZ Redundant active
redundant3:1 192.168.169.2/24 DMZ Redundant inactive
vlan1 0.0.0.0/0 VLAN Layer3 inactive

Netscreen A - VSI 0 = 1
Netscreen B - VSI 0 = 100
Netscreen A - VSI 1 = 100
Netscreen B - VSI 1 = 1

The 2 Netscreens are cabled in a full mesh with 2 Cisco 2950's.
The Cisco switches are trunked and each consists of 3 VLANs:
Vlan 2 - Untrust
Vlan 3 - Trust
Vlan 4 - DMZ

Plugged into the switches are Debian servers running bonded (teamed) interfaces.

DB 1 - Debian (trust)
IP 192.168.168.10
GW 192.168.168.1

DB 1 - Debian can ping
192.168.168.1
192.168.168.2
192.169.169.1
but not 192.169.169.2??

Web 1 - Debian (DMZ)
IP 192.169.169.10
GW 192.169.169.1

Web1 can ping
192.169.169.1
192.169.169.2
192.168.168.1
but not
192.168.168.2??

Everything else is working fine except for not being able to ping all 4 gateways configured on the firewalls. I have tried pinging from the switches but I get the same problem.

I have never set up active/active before so I was wondering whether this was the default behaviour.

Has anybody else got any ideas?
Thanks
Evan

Packet7 (IS/IT--Management)
28 Aug 04 19:19
Hello,

What happens when you trace? Do they default out one of the firewalls?

Rgds,

John
