03-26-2009 06:06 AM
Here's a good logic problem for you guys. I have enabled Track IP on my untrust interface, pinging a public IP (220.127.116.11). My firewall also has a default route pointing out this interface.
When I kill the ping from the firewall to the internet, the interface goes down (as it should), thus causing the default route to disappear (as it should). When I re-allow the ping, my issue arises: the interface never comes back up.
This causes a bit of a chicken and egg problem:
The interface needs to be UP for my default route to be activated, but I need the default route to be there for the Track IP to allow the interface to come back up... hmmm, weird!
Here's a log view of what happens when I kill the ping:
2009-03-26 08:55:50 crit No interface/route enables the Track IP IP address 18.104.22.168 to be transmitted.
2009-03-26 08:55:46 crit Track IP failure reached threshold.
2009-03-26 08:55:45 crit Track IP IP address 22.214.171.124 failed.
This is being run on an SSG-5 running 6.1.0r3.0.
Also, I'm killing the ping on an upstream firewall, so I never unplug any cables.
03-26-2009 09:34 AM
Good question; luckily there is a solution as well.
Read this post (bottom of the post)
Essentially, just create a static route for the IP (126.96.36.199/32) that is used in track-ip and send it to the default gw...
03-28-2009 12:34 PM