Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
458
Views
0
Helpful
4
Replies

Policy routing

mbjohnson
Level 1
Level 1

‎10-17-2007 03:20 PM - edited ‎03-03-2019 07:13 PM

Hi we have 2 firewalls on our internal network, each of them going out through different ISP's. Core network is dual 6509's with MSFS-2. We would like some of the servers to go out one of the firewall and the majority of users to go out the other firewall/link. How can this be accomplished? Will policy routing work or are there any other way to achieve this?

thanks for any help you can provide.

Labels:
0 Helpful
4 Replies 4

Edison Ortiz
Hall of Fame
Hall of Fame

‎10-17-2007 08:15 PM

Based on your requirement, Policy Based Routing (PBR) seems to be a feasible solution.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch20/piconfig.htm#wp1001398

0 Helpful

mbjohnson
Level 1
Level 1
In response to Edison Ortiz

‎10-19-2007 02:36 PM

Thanks for the link, I have a few questions though:

We have multiple VLANs on the inside (users, servers, etc). Everything get routed by our MSFC's which have a default route pointing to a Pix firewall. Once we add the second Pix with the 2nd Internet link, what VLAN interfaces do I apply the policy maps in order for this to work?

For example the firewalls are sitting on VLAN 1 and the servers are sitting on VLAN 20, users on VLAN 10 etc. I would want the default gateway for the users to be one Pix and for some of the servers the other Pix. At the same time I don't want this policy to overwrite any stating/dynamic routing existing on the MSFC's which would send traffic destined to other offices to a different router or VPN box.

Thanks!

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to mbjohnson

‎10-19-2007 02:42 PM

The policy route-map will be applied on the ingress interfaces Vlan before any routing takes place.

0 Helpful

mbjohnson
Level 1
Level 1
In response to Edison Ortiz

‎10-19-2007 03:15 PM

Thanks for the link, I have a few questions though:

We have multiple VLANs on the inside (users, servers, etc). Everything get routed by our MSFC's which have a default route pointing to a Pix firewall. Once we add the second Pix with the 2nd Internet link, what VLAN interfaces do I apply the policy maps in order for this to work?

For example the firewalls are sitting on VLAN 1 and the servers are sitting on VLAN 20, users on VLAN 10 etc. I would want the default gateway for the users to be one Pix and for some of the servers the other Pix. At the same time I don't want this policy to overwrite any stating/dynamic routing existing on the MSFC's which would send traffic destined to other offices to a different router or VPN box.

Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card