Routing in one-arm mode?
Hi folks. I have a couple of AX3200s in HA active-passive mode, with several partitions. In one partition "test" I want it to have a connection to two different VLANs, e.g. VLAN1 10.0.1.0 and VLAN2 10.0.2.0. I added a default route for 0.0.0.0/0.0.0.0 to VLAN1 gateway 10.0.1.1. Should I add other specific routes for both VLANs? I believe I may be having a problem that traffic going to the A10 device on 10.0.2.x is returning through the 10.0.1.1 gateway and being denied.
Thanks Tony
Comments
Your configuration looks correct (VLAN1 and VLAN2 are in the L3V partition "test" and a default route is configured with 10.0.1.1). Assuming you have a similar "ip route" table to the one below:
ACOS[test]#show ip route
Gateway of last resort is 10.0.1.10 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.1.1, ve 101
C 10.0.1.0/24 is directly connected, ve 101
C 10.0.2.0/24 is directly connected, ve 102
So, what is the source IP address (or subnet) of the problematic traffic hitting 10.0.2.x? If it's not from 10.0.2.0/24, the return traffic will be routed to the 10.0.1.1 gateway based on the routing table above. If you have specific networks (IP subnets) coming through VLAN2, you may want to create static routes for those networks (IP subnets), associating them with an IP address in VLAN2.
Hope it helps.
I found the solution through a support call. In the virtual service, I added the checkmark for "use received hop for response" - without that it was trying to use the gateway of last resort. For any partition where there are multiple networks involved, this check mark HAS to be on every virtual service that is configured in that partition. After that....smooth sailing.
Cheers!
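Added illustration, not part of the thread and not A10 code: a longest-prefix-match lookup over the routing table quoted above, showing why a reply to a client outside 10.0.2.0/24 leaves through 10.0.1.1, and how answering via the hop the request arrived from keeps the path symmetric. The client 192.0.2.50, the VLAN2 gateway 10.0.2.1 and the `use_received_hop` flag are assumptions made for the example; the flag is a simplified model of the virtual-service option, not its actual implementation.

```python
import ipaddress

# Routing table from the reply above: (prefix, next hop or None if connected, interface)
ROUTES = [
    ("0.0.0.0/0", "10.0.1.1", "ve 101"),
    ("10.0.1.0/24", None, "ve 101"),
    ("10.0.2.0/24", None, "ve 102"),
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (next_hop, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, ifc)
    if best is None:
        raise LookupError(f"no route to {dst}")
    # A directly connected destination is its own next hop.
    return best[1] or dst, best[2]

def return_path(client_ip, ingress_ifc, received_hop, use_received_hop):
    """Where the reply to client_ip leaves, and whether the path is asymmetric."""
    if use_received_hop:
        # Simplified model: answer via the hop and interface the request came from.
        hop, ifc = received_hop, ingress_ifc
    else:
        # Default behaviour: consult the routing table for the client's address.
        hop, ifc = lookup(client_ip)
    return {"next_hop": hop, "egress": ifc, "asymmetric": ifc != ingress_ifc}

if __name__ == "__main__":
    # Constructed case: remote client reaches a VIP on 10.0.2.x through the
    # assumed VLAN2 gateway 10.0.2.1, arriving on ve 102.
    for flag in (False, True):
        print(flag, return_path("192.0.2.50", "ve 102", "10.0.2.1", flag))
```

When `asymmetric` is true, the reply crosses a different gateway than the request did, which is the situation where a stateful device on that path drops it.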