Create a Post
Showing results for 
Search instead for 
Did you mean: 

MDS with 2 interface, asymmetric routing issue

Hi there,

I’m trying to fix in my lab best configuration for MDS R81.10 HA that have strict security policy for interface access.

Architecture is like this:

  • bond1 (configured as leading interface) that can be reached only by appliance that have to be managed by various CMA. IP are like CMA1 , CMA2 , CMA3
  • eth0 (configured as leading interface too) that can be reached only for SmartConsole/ssh access. IP is

Customer security policy don’t want that can be reached for administration traffic, SmartConsole.

Routing is configured with default gateway pointing to on bond1 interface and with a static route to management subnet through the eth0.


If I connect to with SmartConsole I can access MDS environment but if I try to connect to active server of CMA my pc start a new session pointing to CMD IP (ex. and this can’t be valid for security policy.


My question is, there is a way to access CMA with SmartConsole through the eth0 and not through the bond1? Otherwise I have asymmetric routing issue.




0 Kudos
4 Replies

If you connect to<DomainName> (or connect to the MDS and pick the domain when it asks you which domain you want to connect to), it should connect SmartConsole to that CMA.

0 Kudos

Hi Bob,

yes I know, but the my client start a new session to the IP 191.168.1.x ...and that network can't be reached from management network (where I have SmartConsole).

There's a way to access only from this inerface?

0 Kudos

It is not supported to have more than 1 leading interface.

You can deploy new Windows jumpserver (with installed SmartConsole) which will be inside Second interface on this new Windows jumpserver can be within 

Kind regards,
Jozko Mrkvicka
0 Kudos

Thanks all,

documentation says that you need at least one leading interface. In my lab, infact, I created 2 different leading interface.

The bond1 interface (that have the VIP of the Domain) need to be accessed only by gateway

The eth0 intercase need to be the only one used from SmartConsole

There's a way to permit this configuration?

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events