Dynamic Routing And Failover - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Dynamic Routing and Failover

Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Chapter 9: Configuring IP Routing

If the destination matches more than one entry in the routing table, and the entries all have the same
network prefix length, the packets for that destination are distributed among the interfaces
associated with that route.

If the destination matches more than one entry in the routing table, and the entries have different
network prefix lengths, then the packet is forwarded out of the interface associated with the route
that has the longer network prefix length.

For example, a packet destined for 192.168.32.1 arrives on an interface of a security appliance with the
following routes in the routing table:

hostname# show route
....
R   192.168.32.0/24 [120/4] via 10.1.1.2
O   192.168.32.0/19 [110/229840] via 10.1.1.3
....

In this case, a packet destined to 192.168.32.1 is directed toward 10.1.1.2, because 192.168.32.1 falls
within the 192.168.32.0/24 network. It also falls within the other route in the routing table, but the
192.168.32.0/24 route has the longest prefix within the routing table (24 bits versus 19 bits). Longer
prefixes are always preferred over shorter ones when forwarding a packet.

Dynamic Routing and Failover

Dynamic routes are not replicated to the standby unit or failover group in a failover configuration.
Therefore, immediately after a failover occurs, some packets received by the security appliance may be
dropped because of a lack of routing information or routed to a default static route while the routing table
is repopulated by the configured dynamic routing protocols.
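
The route selection and the post-failover gap described on this page, as an added Python example (not code from the Cisco guide): it runs the longest-prefix lookup over the two routes from the show route output, then repeats it on a unit that holds only static routes. The static default route and its next hop 10.1.1.254 are constructed assumptions.

```python
"""Added illustration: longest-prefix route selection and the post-failover gap."""
import ipaddress

# Routes from the page's "show route" output (R = RIP, O = OSPF).
DYNAMIC_ROUTES = [
    ("R", "192.168.32.0/24", "10.1.1.2"),
    ("O", "192.168.32.0/19", "10.1.1.3"),
]
# Constructed static default route; the next hop 10.1.1.254 is an assumption.
STATIC_ROUTES = [("S", "0.0.0.0/0", "10.1.1.254")]


def lookup(routes, destination):
    """Return every route tied for the longest matching prefix ([] = drop)."""
    dest = ipaddress.ip_address(destination)
    matches = [
        (ipaddress.ip_network(prefix), code, next_hop)
        for code, prefix, next_hop in routes
        if dest in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _, _ in matches)
    # Several entries with the same prefix length share the traffic.
    return [(code, str(net), hop) for net, code, hop in matches
            if net.prefixlen == longest]


def compare_failover(destination, static_routes=STATIC_ROUTES):
    """Compare forwarding on the active unit with a unit that just took over.

    Dynamic routes are not replicated, so the new active unit starts with
    static routes only until RIP/OSPF repopulate its table.
    """
    before = lookup(DYNAMIC_ROUTES + static_routes, destination)
    after = lookup(static_routes, destination)
    return {"before": before, "after": after,
            "dropped": not after, "path_changed": before != after}


if __name__ == "__main__":
    for label, statics in (("with static default", STATIC_ROUTES),
                           ("no static routes", [])):
        print(label, compare_failover("192.168.32.1", statics))
```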

This manual is also suitable for:

ASA 5500 series