Hllrdm
Contributor

Asymmetry in routes

We have a problem where we need to transfer traffic from the DMZ segment to another router.
We published a DMZ network via AntiDDoS systems through an R2 router. The firewall itself goes to the Internet through R1.
Traffic must be routed by the DMZ network through R2.
When we collect tcpdump we find a route asymmetry, that traffic comes from R2 and goes to R1.
We created a PBR so that traffic from the LAN goes one route and traffic to the Internet goes through router R2. I think I configured the PBR incorrectly. How do I set up PBR correctly? Maybe there is a recommendation?

Additional information:
I set up NAT to the Internet for server x.x.x.100 through address x.x.189.14.
And also ProxyArp x.x.189.14 to address 172.x.x.244.

Scheme.jpg

 

PBR.jpg

dump.jpg
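
As an added example, not part of the original post: one way to confirm the asymmetry described above from a text capture is to group packets by flow and compare the external interface each flow enters on with the one its replies leave on. The line format assumes `tcpdump -n -i any` from a tcpdump build that prints interface name and direction; the interface names (eth1 toward R1, eth2 toward R2, eth3 toward the DMZ) and all addresses are constructed.

```python
import re
from collections import defaultdict

# Assumed format: "<time> <iface> In|Out IP <src>.<port> > <dst>.<port>: ..."
LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):")

def find_asymmetric(lines, external_ifaces):
    """Return {flow: (in_ifaces, out_ifaces)} for flows whose packets enter
    and leave the firewall through different external interfaces."""
    seen = defaultdict(lambda: {"In": set(), "Out": set()})
    for line in lines:
        m = LINE.match(line)
        # Skip unparsable lines and the DMZ-side legs, where NAT has already
        # rewritten the addresses and the flow key would not match.
        if not m or m["iface"] not in external_ifaces:
            continue
        flow = tuple(sorted((m["src"], m["dst"])))  # direction-independent key
        seen[flow][m["dir"]].add(m["iface"])
    return {f: (d["In"], d["Out"]) for f, d in seen.items()
            if d["In"] and d["Out"] and d["In"] != d["Out"]}

# Constructed sample: the first flow arrives via eth2 (R2) and its reply
# leaves via eth1 (R1); the second flow uses eth2 in both directions.
SAMPLE = """\
12:00:00.000001 eth2  In  IP 203.0.113.7.51514 > 198.51.100.14.443: Flags [S], seq 1, length 0
12:00:00.000050 eth3  Out IP 203.0.113.7.51514 > 172.16.0.100.443: Flags [S], seq 1, length 0
12:00:00.000300 eth3  In  IP 172.16.0.100.443 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, length 0
12:00:00.000350 eth1  Out IP 198.51.100.14.443 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, length 0
12:00:01.000001 eth2  In  IP 203.0.113.9.40000 > 198.51.100.14.443: Flags [S], seq 5, length 0
12:00:01.000400 eth2  Out IP 198.51.100.14.443 > 203.0.113.9.40000: Flags [S.], seq 7, ack 6, length 0
""".splitlines()

if __name__ == "__main__":
    for flow, (ins, outs) in find_asymmetric(SAMPLE, {"eth1", "eth2"}).items():
        print(flow, "in via", sorted(ins), "out via", sorted(outs))
```

A flow reported here is one whose return traffic is not matching the PBR rule (or is matching a different table), which narrows the check to the rule's match criteria for the post-NAT source address.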

4 Replies
G_W_Albrecht
Legend

Did you involve TAC already?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Hllrdm
Contributor

No, I did not start an SR in TAC. I wanted to learn from my colleagues. TAC usually does not help with settings of new solutions.

G_W_Albrecht
Legend

If you did follow documented processes (R81.20 Gaia Advanced Routing Administration Guide - Policy Based Routing, sk100500: Policy-Based Routing (PBR) on Gaia OS) but it does not work as expected, you can ask TAC for help. They will not perform what CP Professional Services does but will assist you in resolving the issue.

Hllrdm
Contributor

We think the PBR is working, but may have misconfigured it. Either the traffic doesn't go to PBR and we need to write the policy differently.
