I have a very simple topology:
Huawei switch Eth-trunk----------------Aggregation Palo alto ------------P2P------- Router
In the Huawei switch
created two VLANs: vlan 10, vlan 20
interface vlan 10
ip address 172.16.1.100
interface vlan 20
ip address 172.16.2.100
ip static-route 0.0.0.0 0.0.0.0 172.16.1.100
In the Palo Alto
Aggregation with two sub-interfaces
vlan tag 10
ip address 172.16.1.1 255.255.255.0
vlan tag 20
ip address 172.16.2.1 255.255.255.0
Interface toward Router
ip address 172.19.1.1 255.255.255.0
default route 0.0.0.0 0.0.0.0 172.19.1.4
In the router
interface toward firewall
ip address 172.19.1.2 255.255.255.0
default route 0.0.0.0 0.0.0.0 172.19.1.1
From the Huawei switch
I can ping 172.19.1.4 when the source is 172.16.1.100, but when the source is 172.16.2.100 I cannot ping.
When I changed the default route in the Huawei switch to 0.0.0.0 0.0.0.0 172.16.2.100,
I can then ping 172.19.1.4 when the source is 172.16.2.100, but I cannot ping 172.19.1.4 when the source is 172.16.1.00.
Something is wrong in the Palo Alto when handling the return echo-reply if the return path is different.