Devices within each of the networks can reach each other, it's just the gateways that can't reach each other across the tunnel. In any case, you can't ping any of the branch offices FGT from the main office FGT. But then the IP it is looking up to is a locally attached network. However this is the same config on the FGT on the head office network and it looks up without issue. I would assume it would use the IP on the lan network, but as I think of it, the system DNS lookup goes to the wan dns server. It is a good question about what IP the FGT uses when it tries to do the DNS lookup. Perhaps I need to create a static route or a policy route for the FGT ip to the tunnel? I just can't get the branch office working and it appears to be that the FGT at the branch office can't reach the main office network. The loopback address allows a network administrator to treat the local machine as if it were a remote machine. 0.1, and pinging this address will always return a reply unless the firewall prevents it. Sending 5, 100-byte ICMP Echos to 2.2.2. In a TCP/IP network, the loopback IP address is 127.0. R1 ping 2.2.2.2 Type escape sequence to abort. You (a system administrator, network administrator, or end user) can use this procedure to configure the loopback interface on your device. Let’s ping the loopback IP address from both R1 and R2. I have a fortigate 60e on the head office network and it's working fine looking up the AD dns server using this config. Junos OS creates a separate loopback interface for the internal routing instance, which prevents any filter on from disrupting internal traffic. I'm using this document as a reference setting this up. Also, I have the AD DNS server configured to allow zone transfers. Without AD DNS, I'm going to have problems if I start deploying AD windows desktops at the remote offices. Users may assume that IPv4 and IPv6 address queries for localhost names will always resolve to the respective IP loopback address. 
As with the loopback interface on your PC, loopback interfaces on Cisco devices are local to those devices only. The problem is that everything has to be done with IPs. I understand your confusion indeed for what I read from the rfc6761 about 'Special-Use Domain Names' 6.3, about the name localhost. fill out the form & at the Extended commands choose/type Y and enter the source address. I am also able to RDP into clients on the remote office network from the head office. I already have clients at the remote office using drive mappings on the file servers at the main office. No packet fragmentation or VPLS Control word bullshit nor frame drops nor MTU mismatch. Both networks can reach each other just fine. Nothing breaks, because layer 3 MTU matches correctly between each termination L3, so PMTUD does its job. My loopbacks are all 9k L3 MTU, most of my paths are 9k L3 MTU back-to-back, but some paths are 1500, some paths like wireless are 1500 on layer 3, but 1600 on layer 2 on the radios, but 9k L2 and L3 MTU on the transport ports on my PE router and P for example. Don't justify to yourself with this "1600" cap, do 9k MTU on the PHYs everywhere when possible to ensure future overhead room for anything. MTU itself is a piece of cake, however, when your network has all types of devices with varying MTUs, proper planning is required. MTU design and training, is often something I don't see very often in network training programmes and certs. L3 MTU should be 9k in the backbone on the physical ports, but you cap it wherever required on the layer 3 sub interface, such as LACP bonding to your upstream devices or the L3 VLAN interface towards another device etc PMTUD works correctly in ALL paths and directions (MPLS TE? LDP? OSPF? BGP? GRE? WireGuard? Bridge, VLAN, VPLS? Etc) 2. Layer 3 MTU needs to be designed in a way that it ensures: 1. 
I mean, wireless paths, technically, can do 9k MTU for layer 2 if the vendor supports, like some units from Ubiquiti. But the point is, layer 2 MTU should always be MAXED out on ALL Devices, even if it's different between them.