Inter-VR Routing issue with public IP addressees

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Inter-VR Routing issue with public IP addressees

L1 Bithead

 

Hi Team,

 

I’m running into an issue with inter-VR routing and need some help. Here are the details:

  • PA-1410 is connected to two ISPs.
  • A /27 IP range is advertised from both ISPs to the firewall.
  • We have P2P links between the firewall and each ISP, where the additional /27 and default route are advertised to our firewall.

Current Configuration:

  • Port 1/2: Configured with x.x.x.254/27 and sits in the public virtual router with the two ISP links.
  • Port 1/4: Configured with x.x.x.252/27 and sits in the private virtual router.
  • BGP is set up between port 1/2 and 1/4, advertising both the default route and the additional /27. These routes appear in both the RIB and FIB.

Issue:

  • NAT from inside to outside using x.x.x.252 works fine.
  • However, when we try to configure static one-to-one NAT (e.g., x.x.x.230/27), the firewall doesn’t route the traffic correctly - it assumes the machine is behind port 1/2 instead of port 1/4.

I’d appreciate your help in figuring this out. Please have a look at the attached diagram.

Additional Notes:

  • TCP/UDP traffic from the server to the internet is failing.
  • However, I can successfully ping and trace route to Google DNS.

Let me know your thoughts

Thanks,
Ahmed
1 accepted solution

Accepted Solutions

L1 Bithead

I’ve fixed the issue by splitting the /27 IP range into seven /30s and assigning one of them to interfaces 1/2 and 1/4. The rest of the IPs are now set on internal servers, with interface 1/4 as the gateway.

All working fine!

Thanks,
Ahmed

View solution in original post

1 REPLY 1

L1 Bithead

I’ve fixed the issue by splitting the /27 IP range into seven /30s and assigning one of them to interfaces 1/2 and 1/4. The rest of the IPs are now set on internal servers, with interface 1/4 as the gateway.

All working fine!

Thanks,
Ahmed
  • 1 accepted solution
  • 427 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!