Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nima_Chogyal
Contributor
Jump to solution

icmp redirects

The customer has SAP servers in a remote site. The p2p connection coming from remote site is connected to the coreswitch.The inbound and outbound traffic to reach the remote site from the local LAN is the same interface.I configured ICMP redirects on the gateway and is persistent after reboots. Also configured Nat policies and also the routes are in place. And its working. heres the funny part, its working on few of the laptops and not working for others.I have uploaded the screenshots of both working and not working nodes. What could be the issue? I tried no-NAT and inside NAT and the situation remains the same.The gateways OS is r80.10 and im thinking of upgrading it to r81.10 on a 3200 appliance with 8gb RAM. i dont know if thats a wise move. 

0 Kudos
1 Solution

Accepted Solutions
Lloyd_Braun
Collaborator

You really don't want to build in a dependency on ICMP redirects as they are unreliable. 

 

1. add interface to firewall and hang p2p connection off of that instead of core switch, so the default gateway of laptops gets you to remote site

2. add static routes to laptops

3. hairpin double NAT on firewall

 

#2 not great but cleaner than relying on ICMP redirects for operation

#3 i think you could make work, but pretty kludgy

View solution in original post

0 Kudos
1 Reply
Lloyd_Braun
Collaborator

You really don't want to build in a dependency on ICMP redirects as they are unreliable. 

 

1. add interface to firewall and hang p2p connection off of that instead of core switch, so the default gateway of laptops gets you to remote site

2. add static routes to laptops

3. hairpin double NAT on firewall

 

#2 not great but cleaner than relying on ICMP redirects for operation

#3 i think you could make work, but pretty kludgy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events