Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Netcreen 208's active/active cluster

Netcreen 208's active/active cluster

Netcreen 208's active/active cluster

I have setup a active/active cluster using Netsreen 208's running os.5.0.0r8.0

The netscreen is configured as follows:
ethernet1 Untrust Layer3 active Edit
ethernet2 Untrust Layer3 active Edit
ethernet3 Trust Layer3 active Edit
ethernet4 Trust Layer3 active Edit
ethernet5 DMZ Layer3 active Edit
ethernet6 DMZ Layer3 active Edit
ethernet7 HA Layer3 up Edit
ethernet8 Null Unused down Edit

redundant1 x.x.x.x/26 Untrust Redundant active Edit
redundant1:1 x.x.x.x/26 Untrust Redundant inactive Edit
redundant2 Trust Redundant active Edit
redundant2:1 Trust Redundant inactive Edit Remove
redundant3 DMZ Redundant active Edit
redundant3:1 DMZ Redundant inactive Edit Remove
vlan1 VLAN Layer3 inactive

Netscreen A - VSI 0 = 1
Netscreen B - VSI 0 = 100
Netscreen A - VSI 1 = 100
Netscreen B - VSI 1 = 1

The 2 netscreens are cabled in a full mesh with 2 Cisco 2950's
The Cisco switches are trunked and each consist of 3 vlans'
Vlan 2 - Untrust
Vlan 3 - Trust
Vlan4 - DMZ

Plugged into the switches are debian servers running bonded (teamed) interfaces.

DB 1 - Debian ( trust)

DB 1 - Debian can ping
but not

Web 1 - Debian (DMZ)

Web1 can ping
but not

Everything else is working fine except for not being able to ping all 4 gateways configured on the firewalls. I have tried pinging from the switches but I get the same problem.

I have never setup active/active before so I was wondering whether this was the default behaviour.

Has anybody else got any ideas.

RE: Netcreen 208's active/active cluster


What happens when your Trace?  Do they default out one of the Firewalls?



Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close