[nsp] HSRP and Netscreen Firewalls

Larry Rosenman ler at lerctr.org
Fri Jan 10 09:58:49 EST 2003 

Steve,
   What is set arp always for?  The routers? or something else?

I've never heard of it, but occasionally have seen wierdness with my HSRP 
between
some routers of mine.

Please enlighten me/us.

Thanks,
LER


--On Friday, January 10, 2003 09:42:20 -0600 Stephen Gill 
<gillsr at yahoo.com> wrote:

> Also make sure 'set arp always' is enabled - key for HSRP environments.
>
> -- steve
>
> -----Original Message-----
> From: Stephen Gill [mailto:gillsr at yahoo.com]
> Sent: Friday, January 10, 2003 9:40 AM
> To: 'Ian Terry'; 'cisco-nsp at puck.nether.net'
> Subject: RE: [nsp] HSRP and Netscreen Firewalls
>
> A few things you might wish to check:
>
> 1.  Check what OS version you are running.  May require an upgrade.
> 2.  Ensure that 'set flow mac-flooding' is enabled.
> 3.  Ensure that you have created a policy that matches the traffic to
> allow it through.
>
> -- steve
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ian Terry
> Sent: Friday, January 10, 2003 9:06 AM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] HSRP and Netscreen Firewalls
>
> Hello,
>
> We have a customer who has dual peering links with two different
> providers that are maintained via Cisco 7500 routers
>
> Behind the routers the customer has Netscreen Firewalls that are
> configured to operate in transparent mode.
>
> The routers are running HSRP and unfortunately the multicasting of HSRP
> does not appear to be allowed through the Firewall - even though
> Netscreen claim that it should. If the Firewall is removed, then HSRP
> works fine.
>
> Does anybody have an experiences similar to this ?
>
> regards, Ian
>
> tel:   44 (0)7970 499187
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler at lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

More information about the cisco-nsp mailing list