Hi all,
Here's my scenario: I have several NVR1750 (formerly Contivity) devices set up as a small network of branch offices. I have them set in a "full mesh" configuration, i.e. every box has a BO tunnel to every other box. When all the tunnels are up, it's dandy, but if the tunnel between box A and box B goes down, they can't talk anymore.
I have OSPF routing configured, and I can see the route table on boxes A and B update to indicate A can reach B, and B can reach A, through C. The route cost increases, but that is expected given there is now an additional hop involved for A to reach B.
However, pings between A and B fail and traffic does not pass. I have System -> Forwarding set to proxy ARP everything, and to allow end user-end user, end user-BO, and BO-BO. I do not, however, have the "Apply Packet Filter on Private to Tunnel Traffic" box checked, because I am using the Stateful Firewall. My firewall rules basically allow trusted and tunnel traffic to traverse unimpeded.
My understanding is that if the tunnel between A and B dies, they should be able to reach each other via C. That's pretty much one of the basic principles of this kind of networking.
Have I missed something obscure (or obvious) in setting this up?
Software on the boxes is a mix of 8_05.200 and 8_05.250. I will soon be upgrading all of them to .250.
Any help is appreciated, and thanked in advance!
Mike
Here's my scenario: I have several NVR1750 (formerly Contivity) devices set up as a small network of branch offices. I have them set in a "full mesh" configuration, i.e. every box has a BO tunnel to every other box. When all the tunnels are up, it's dandy, but if the tunnel between box A and box B goes down, they can't talk anymore.
I have OSPF routing configured, and I can see the route table on boxes A and B update to indicate A can reach B, and B can reach A, through C. The route cost increases, but that is expected given there is now an additional hop involved for A to reach B.
However, pings between A and B fail and traffic does not pass. I have System -> Forwarding set to proxy ARP everything, and to allow end user-end user, end user-BO, and BO-BO. I do not, however, have the "Apply Packet Filter on Private to Tunnel Traffic" box checked, because I am using the Stateful Firewall. My firewall rules basically allow trusted and tunnel traffic to traverse unimpeded.
My understanding is that if the tunnel between A and B dies, they should be able to reach each other via C. That's pretty much one of the basic principles of this kind of networking.
Have I missed something obscure (or obvious) in setting this up?
Software on the boxes is a mix of 8_05.200 and 8_05.250. I will soon be upgrading all of them to .250.
Any help is appreciated, and thanked in advance!
Mike