I have a situation where I would like to manipulate how the traffic flows in an OSPF area of 3 devices connected via Ethernet.
I have a CSS that is configured in one-armed config and it cannot be set up in any other logical layout. It is not configured with OSPF, but it has the capability.
OSPF is configured on the PIXs and the edge router. All devices are in the same subnet. The edge router is distributing the default gateway from the edge router serial interface BGP into OSPF then to both PIX firewalls.
It has to stay dynamic for our failover scenarios.
When inbound traffic is destined for the servers, it arrives on the edge router, is sent to the CSS service addresses via the Ethernet, and is redirected to either PIX depending on which server is active; this is all working.
The problem is when the servers initiate a connection, the OSPF-distributed default gateway sends the traffic directly to the router and the NAT address is from the PIX and not the CSS VIP address, which is what I want.
I would like the traffic to go to the CSS first, then back out the Ethernet to the edge router, then to the Internet.
Can OSPF be configured to do this?
Is there any problem associated with doing this?
Any input would be greatly appreciated.