Solved

ICMP Redirects on Network

Posted on 2007-03-19
5
838 Views
Last Modified: 2013-11-29
We have several remote offices connected to the HQ via PIX to PIX L2L Ipsec tunnels.

The remote offices are reporting performance issues.  For diagnostics, I am using hrping.

During pings, I am getting a large number of ICMP Redirects

C:\Documents and Settings\hannibal>hrping pvl
This is hrPING v2.34 by cFos Software GmbH -- http://www.cfos.de

Pinging pvl [10.1.4.1]
with 64 bytes data (92 bytes IP):

Reply from 10.1.4.1: seq=0000 time=21.667ms TTL=128 ID=a97d
Reply from 10.1.4.1: seq=0001 time=21.583ms TTL=128 ID=a97f
Reply from 10.1.13.199: redirect for network; seq=0002 time=0.460ms
Reply from 10.1.4.1: seq=0003 time=21.449ms TTL=128 ID=a981

Sometimes redirects represent 50-70% of results.

The network is pretty simple.  10.1.13.199 is the gateway L3 switch (Cisco 3550-48 L3).  It's default gateway is a PIX 506e (6.3(5)).  The PIX does an IPSec VPN.  The outside of the PIX connects with a 2611, connected to a T1.

No dual gateways or anything that could be causing ICMP Redirects.

Any ideas why I am seeing this?
0
Comment
Question by:RPPreacher
5 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
Comment Utility
0
 
LVL 20

Author Comment

by:RPPreacher
Comment Utility
No help at all.  And RTFM is not an appropriate expert exchange answer.
0
 
LVL 2

Accepted Solution

by:
jaredcall earned 500 total points
Comment Utility
When a router sends a network redirect, it is essentially saying "you shouldn't use me as as a router to get there.  Use this other router instead."

These can be sent by a node that's not a router, but other nodes have configured as their default gateway.

-jared
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
RPPreacher,

 Would be it possible for a quick ascii diagram  with ip addresses ? IP redirects aren't bad, but without seeing the network we can decide if we can turn it off or not.

Cheers,
Rajesh
0
 
LVL 20

Author Comment

by:RPPreacher
Comment Utility
Per TAC, we turned off ICMP redirects.
Resolved.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now