ProxySG may send ICMP replies via multiple interfaces when more than one default gateway is configured

Article ID: 166833

Products

ProxySG Software - SGOS

Issue/Introduction

You have:
- more than one interface configured for different IP networks
- each interface has its own ip-default-gateway on its respective network
- return-to-sender inbound enabled
- a workstation from a remote network sends continuous ICMP PING to the first interface of the ProxySG

Because more than one ip-default-gateway is configured, the ProxySG load balances across all of the configured ip-default-gateways.

Note: The return-to-sender setting does not affect ICMP.

Resolution

If the replies to certain ICMP requests must leave via one particular IP gateway, you can work around this by entering a static route for the source subnet via one of the SG gateways.

Example:

!- BEGIN networking
interface 0:0 ;mode
ip-address 192.168.101.2 255.255.255.0  <<<<< Network A
exit
interface 1:0 ;mode
ip-address 192.168.102.2 255.255.255.0  <<<<< Network B
exit
.....
ip-default-gateway 192.168.101.1 1 100  <<<<< Default gateway via Network A
ip-default-gateway 192.168.102.1 1 100  <<<<< Default gateway via Network B
.....


When a remote workstation sends continuous ICMP PING requests to 192.168.101.2, ProxySG sends the ICMP PING replies via both interface 0:0 and interface 1:0. Because both ip-default-gateways were assigned an equal weight, ProxySG sends the ICMP replies via each interface alternately.

If you need ProxySG to reply via a single interface, you can add a static route to the remote workstation through a specific gateway. For example:

SG200#config terminal
SG200#(config)inline static-route-table eof
172.22.22.22 255.255.255.255 10.105.13.1
eof
SG200#(config)exit
SG200#
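
The behaviour described above can be checked with a small model. This is an added example, not Broadcom code and not SGOS's actual routing implementation: it assumes replies alternate between equal-weight default gateways, as the article states, and that a matching static route takes priority. The host route below uses 192.168.101.1 (the Network A gateway) as a constructed value, and the names ReplyRouter and reply_path are hypothetical.

```python
import ipaddress
from itertools import cycle

# Constructed sample input modeled on the article's example configuration.
DEFAULT_GATEWAYS = ["192.168.101.1", "192.168.102.1"]  # equal preference and weight
# Constructed host route in static-route-table form: destination netmask gateway.
STATIC_ROUTES = "172.22.22.22 255.255.255.255 192.168.101.1\n"


def parse_static_routes(text):
    """Parse 'destination netmask gateway' lines into (network, gateway) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        dest, mask, gateway = fields
        # ip_network raises ValueError if the destination has host bits set.
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, ipaddress.ip_address(gateway)))
    return routes


class ReplyRouter:
    """Simplified model: most specific static route wins, else alternate defaults."""

    def __init__(self, default_gateways, static_routes=()):
        self._defaults = cycle([ipaddress.ip_address(g) for g in default_gateways])
        # Longest prefix first, so a host route beats a wider subnet route.
        self._static = sorted(static_routes, key=lambda r: r[0].prefixlen, reverse=True)

    def next_hop(self, source_ip):
        """Return the gateway used for one reply to source_ip."""
        src = ipaddress.ip_address(source_ip)
        for network, gateway in self._static:
            if src in network:
                return gateway
        return next(self._defaults)


def reply_path(router, source_ip, count):
    """Gateways used for `count` consecutive ICMP replies to source_ip."""
    return [str(router.next_hop(source_ip)) for _ in range(count)]


if __name__ == "__main__":
    print("no static route:", reply_path(ReplyRouter(DEFAULT_GATEWAYS), "172.22.22.22", 4))
    pinned = ReplyRouter(DEFAULT_GATEWAYS, parse_static_routes(STATIC_ROUTES))
    print("with host route:", reply_path(pinned, "172.22.22.22", 4))
```

Sources not covered by a static route still alternate between the default gateways, so the route must cover every source whose replies have to leave via a single interface.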