03-16-2018 04:33 AM - edited 03-16-2018 04:48 AM
Hi,
We are configuring a new routing scenario but we are expecting problem taking the correct route.
This is our static route table:
destination interface gateway metric
10.50.1.0/24 eth1/1 10.50.250.1 1
10.50.2.0/24 eth1/1 10.50.250.1 1
10.0.0.0/8 eth1/5 10.50.50.4 10
If we run a "test routing fib.....", we can see all traffic going to 10.0.0.0/8 route. Although we have two /24 routes.
If we run a session to ip 10.50.2.10 (second route). The firewall is sending the traffic to gateway 10.50.50.4. Why???
We have two routes more restrictive and with more metric in order to take preference but its not working.
I undertand that the static routers election is:
1) Metric (less metric. more preference)
2) Restrictive route. Mask /8 is less preference than /24.
Why FW is taking the route /8??? We have had to create PBR in order to solve it.
03-20-2018 07:26 AM
Hi,
This is routing table:
flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,
Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2
VIRTUAL ROUTER: Router Virtual (id 2)
==========
destination nexthop metric flags age interface next-
AS
10.0.0.0/8 10.50.50.4 10 A S ethernet1/5
10.47.1.0/29 10.50.250.1 1 A S ethernet1/1
10.47.2.0/29 10.50.250.1 1 A S ethernet1/1
10.47.3.0/29 10.50.250.1 1 A S ethernet1/1
10.47.4.0/26 10.50.250.1 1 A S ethernet1/1
10.47.6.0/24 10.50.250.1 1 A S ethernet1/1
10.50.1.0/24 10.50.250.1 1 A S ethernet1/1
10.50.1.0/26 10.50.1.1 0 A C ethernet1/2
10.50.1.1/32 0.0.0.0 0 A H
10.50.2.0/24 10.50.2.1 0 A C ethernet1/3
10.50.2.0/24 10.50.250.1 1 S ethernet1/1
10.50.2.1/32 0.0.0.0 0 A H
10.50.50.5/32 0.0.0.0 0 A H
10.50.250.0/29 10.50.250.2 0 A C ethernet1/1
10.50.250.2/32 0.0.0.0 0 A H
03-20-2018 07:42 AM
Is this a dump of show routing fib ? It looks a bit different on my 8.x device? Any chance you have policy based routing configured?
- Matt
03-20-2018 07:59 AM
PanOS version is 6.1.x.
The previous command was "show routing route"
The issue was solved configuring PBR in orfer to force the correct interface. That was done because routes werent working (even with more metric and restrict mask).
03-21-2018 02:17 PM
Hello,
The PAN has two routing tables, one for the routes and another for forwarding. The forwarding will be the one that the PAN uses to send the packets. As @mlinsemier pointed out, check out the FIB table as well.
Regards,
03-22-2018 02:41 AM
265 10.0.0.0/8 10.50.50.4 ug ethernet1/5 1500
289 10.47.6.0/24 10.50.250.1 ug ethernet1/1 1500
279 10.47.1.0/29 10.50.250.1 ug ethernet1/1 1500
280 10.47.2.0/29 10.50.250.1 ug ethernet1/1 1500
281 10.47.3.0/29 10.50.250.1 ug ethernet1/1 1500
282 10.47.4.0/26 10.50.250.1 ug ethernet1/1 1500
283 10.50.1.0/24 10.50.250.1 ug ethernet1/1 1500
284 10.50.2.0/24 0.0.0.0 u ethernet1/3 1500
232 10.50.1.0/26 0.0.0.0 u ethernet1/2 1500
231 10.50.1.1/32 0.0.0.0 uh ethernet1/2 1500
234 10.50.2.1/32 0.0.0.0 uh ethernet1/3 1500
261 10.50.50.5/32 0.0.0.0 uh ethernet1/5 1500
218 10.50.250.0/29 0.0.0.0 u ethernet1/1 1500
217 10.50.250.2/32 0.0.0.0 uh ethernet1/1 1500
285 10.128.0.0/16 10.50.250.1 ug ethernet1/1 1500
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
