ACE module, redundant access to firewall from 2 sites

Unanswered Question
Apr 17th, 2008

Hi Folks,

I need to provide internal devices with active-active access to our clustered firewall which sits across 2 data centres.

I need to allow internal hosts to reach external/unknown networks via a default route.

We have ACE modules in our internal network aggregation 6513s at each site.

I aim to achieve this using RHI...ie...device at site 1 reaches the internet via firewall at site 1, device at site 2 reaches internet via firewall at site 2 (due to better route). If the firewall is inaccessible from site 2, ACE at site 2 removes the route from the MSFC using RHI and site 2 device traffic is re-routed to the site 1 exit point.

Has anyone out there done this before?

Regards, Steve.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
stevek1 Sun, 04/20/2008 - 17:48

Hi Folks,

It's Steve here again. I haven't had a response to my query as yet, but basically I need to know the validity of using ACE RHI to inject a default route as opposed to a host route.

Can anyone please advise?

Best Wishes, Steve.

Actions

This Discussion