Hello everyone,
I have a problem using a VIP on a sub-IF.
I have a Cable connection in zone "Untrust" on "Trust-VR". 0.0.0.0 goes through this.
The situation is that I have a DSL connection on "ethernet0/4" assigned to zone "VDSL" and placed in virtual router "Untrust-VR". This connections works fine, we use if for VPN tunnels, routing to the "Trust" Network (placed in "Trust-VR") is configured statically in the routing table for "Untrust-VR".
My host has assigned me an IP-PACK (/29 network range) that is routed to my DSL connection IP.
I want to use VIP's on this IP PACK. I can't configure a VIP on an IP that is not in the range of the interface. Even when I configure a secondary IP in the IP-PACK range. However I can configure a MIP, and when I test this the MIP works fine!
When I create a sub-IF "ethernet0/4.1" and give it an IP of the range and then configure a MIP, the MIP works fine! If I configure a VIP, it does not error on me, but the VIP doesn't work even though there are policies in place.
BTW: The MIP and the VIP destination is an IP in the "Trust" zone assigned to the "Trust-VR". Policies are created from "VDSL" to "GLOBAL" with destination MIP(xxxxx) or VIP(xxxxx). Logging of the MIP policy shows successful connections, logging of the VIP policy stays empty.
Could someone explain to me why a MIP works but a VIP doesn't?
I think it must have something to do with routing that is different for MIP and VIP and the fact that I have 2 Virtual Routers in use. The destination belongs to the "Trust" zone in "Trust-VR" and the source is an (sub)interface in the "VDSL" zone in "Untrust-VR"
Thanks
Stan