EasyManua.ls Logo

ELTEX ESR-21 - 14.3 Firewall;NAT failover configuration

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
ESR series service routers.ESR-Series. User manual
528
Solution:
There is no need in any changes in router R2, since subnet 10.0.1.0/24 is terminated on it and as soon as
router R2 is vrrp master, packets will be transmitted to corresponding interface. As soon as R1 becomes vrrp
master, route for packets must be created with destination IP address from network 10.0.1.0/24.
Create track-object with corresponding condition:
R1(config)# track 1
R1(config-track)# track vrrp id 10 state master
R1(config-track)# enable
R1(config-track)# exit
Create static route to subnet 10.0.1.0/24 through 192.168.1.2, which will work in case of satisfying of track 1
condition:
R1(config)# ip route 10.0.1.0/24 192.168.1.2 track 1
14.3 Firewall/NAT failover configuration
Firewall failover is required to reserve firewall sessions.
14.3.1 Configuration algorithm
Step Description Command Key
1 Select the routers communication
mode.
ip firewall failover sync-type
<MODE>
<MODE> – communication mode:
unicast – unicast mode;
multicast – multicast mode.
2 Select the IP address of the network
interface from which messages will
be sent when the Firewall is running
in session reservation mode.
ip firewall failover source-
address <ADDR>
<ADDR> –IP address of the sender
network interface, defined as
AAA.BBB.CCC.DDD where each part
takes values of [0..255].
3 Set neighbor's IP address when
reserving Firewall sessions in unicast
mode.
ip firewall failover destination-
address <ADDR>
<ADDR> – neighbor IP address,
defined as AAA.BBB.CCC.DDD
where each part takes values of
[0..255].
Configuring multicast IP address that
will be used to exchange information
when the Firewall session backup is
in multicast mode.
ip firewall failover multicast-
address <ADDR>
<ADDR> –multicast IP address,
defined as AAA.BBB.CCC.DDD
where each part takes values of
[0..255].
4 If Firewall session reservation works
in multicast mode, then it is
necessary to configure the multicast
group ID.
ip firewall failover multicast-
group <GROUP>
<GROUP> – multicast group,
specified in range [1000..9999].

Table of Contents

Related product manuals