[nsp] HSRP and Netscreen Firewalls

Stephen Gill gillsr at yahoo.com
Fri Jan 10 09:42:20 EST 2003


Also make sure 'set arp always' is enabled - key for HSRP environments.

-- steve

-----Original Message-----
From: Stephen Gill [mailto:gillsr at yahoo.com] 
Sent: Friday, January 10, 2003 9:40 AM
To: 'Ian Terry'; 'cisco-nsp at puck.nether.net'
Subject: RE: [nsp] HSRP and Netscreen Firewalls

A few things you might wish to check:

1.  Check what OS version you are running.  May require an upgrade.
2.  Ensure that 'set flow mac-flooding' is enabled.
3.  Ensure that you have created a policy that matches the traffic to
allow it through.

-- steve

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ian Terry
Sent: Friday, January 10, 2003 9:06 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] HSRP and Netscreen Firewalls

Hello, 

We have a customer who has dual peering links with two different
providers that are maintained via Cisco 7500 routers

Behind the routers the customer has Netscreen Firewalls that are
configured to operate in transparent mode.

The routers are running HSRP and unfortunately the multicasting of HSRP
does not appear to be allowed through the Firewall - even though
Netscreen claim that it should. If the Firewall is removed, then HSRP
works fine. 

Does anybody have an experiences similar to this ? 

regards, Ian

tel:   44 (0)7970 499187

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list