Policy routing

Unanswered Question

Hi, we have 2 firewalls on our internal network, each of them going out through different ISPs. Core network is dual 6509s with MSFC-2. We would like some of the servers to go out one of the firewalls and the majority of users to go out the other firewall/link. How can this be accomplished? Will policy routing work, or is there any other way to achieve this?

Thanks for any help you can provide.


Thanks for the link, I have a few questions though:

We have multiple VLANs on the inside (users, servers, etc.). Everything gets routed by our MSFCs, which have a default route pointing to a Pix firewall. Once we add the second Pix with the 2nd Internet link, what VLAN interfaces do I apply the policy maps to in order for this to work?

For example, the firewalls are sitting on VLAN 1, the servers are sitting on VLAN 20, users on VLAN 10, etc. I would want the default gateway for the users to be one Pix and for some of the servers the other Pix. At the same time, I don't want this policy to overwrite any static/dynamic routing existing on the MSFCs which would send traffic destined to other offices to a different router or VPN box.

Thanks!

Edison Ortiz Fri, 10/19/2007 - 14:42

The policy route-map will be applied on the ingress VLAN interfaces before any routing takes place.
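The placement described in the answer above, as an added example that is not part of the original thread: the route-map goes on the servers' ingress SVI (VLAN 20), and the ACL excludes internal destinations so existing static/dynamic routes still apply. All addresses, the ACL name and the route-map name are constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 1  firewalls : 10.0.1.0/24, Pix-A = 10.0.1.1, Pix-B = 10.0.1.2
!   VLAN 10 users     : 10.0.10.0/24
!   VLAN 20 servers   : 10.0.20.0/24
!   All internal and other-office networks fall inside 10.0.0.0/8

! Existing default route: everything not policy-routed leaves via Pix-A
ip route 0.0.0.0 0.0.0.0 10.0.1.1

! Select only the traffic that should leave via Pix-B.
! A "deny" line here means "do not policy-route this packet", so it
! falls through to the normal routing table (other offices, VPN box).
ip access-list extended PBR-SERVERS-TO-PIXB
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip host 10.0.20.11 any
 permit ip host 10.0.20.12 any

! Packets matching the ACL get Pix-B as next hop; packets that match
! no route-map clause are forwarded by the routing table as usual.
route-map SERVERS-VIA-PIXB permit 10
 match ip address PBR-SERVERS-TO-PIXB
 set ip next-hop 10.0.1.2

! Apply on the ingress interface of the selected sources (the server
! VLAN), not on VLAN 1 where the firewalls sit. VLAN 10 gets no policy,
! so users keep following the default route to Pix-A.
interface Vlan20
 ip policy route-map SERVERS-VIA-PIXB

! Verification from exec mode:
!   show ip policy      (interface to route-map bindings)
!   show route-map      (match counters per clause)
```

Each Pix should translate outbound traffic to addresses from its own ISP so that replies return through the same firewall; a stateful firewall drops return traffic for a connection it did not see leave.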
