ProxySG may send ICMP replies via multiple interfaces when there are more than 1 default gateway configured


Article ID: 166833


Updated On:


ProxySG Software - SGOS


You have :
- more than one interface configured for different IP networks
- each interface has its own ip-default-gateway on its respective network
- return-to-sender inbound enabled
- a workstation from a remote network sends continuous ICMP PING to the first interface of the ProxySG

As there are more than 1 ip-default-gateway configured, the ProxySG will load balance through all the configured ip-default-gateways.

Note: The return-to-sender setting does not affect ICMP


If response to certain ICMP request must be done from any particular IP gateway, we can get around this by entering a static route for the source subnet via one of the SG gateways.

Example :

!- BEGIN networking
interface 0:0 ;mode
ip-address  <<<<< Network A
interface 1:0 ;mode
ip-address  <<<<< Network B
ip-default-gateway 1 100  <<<<< Default gateway via Network A
ip-default-gateway 1 100  <<<<< Default gateway via Network B

When a remote workstation sends continuous ICMP PING requests to, ProxySG will send ICMP PING replies via interface 0:0 and interface 1:0. As we assigned an equal weight to both the ip-default-gateways, ProxySG will send ICMP replies via each interface alternately.

If you need ProxySG to reply via a single interface, you can add a static route to the remote workstation through a specific gateway. For example :

SG200#config terminal
SG200#(config)inline static-route-table eof