Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
455
Views
4
Helpful
4
Replies

CSS return traffic

Go to solution
jcarvalh
Level 1
Level 1

‎06-23-2009 11:05 AM

Hello.

My client has a regular implementation of a CSS in router mode.

He now wants to create an aditinal logical structure with an aditional gateway to the internet. He has 2 firewalls (one for ServiceProvider-A and one for SP-B.

My problem is that I cannot make NAT to source addresses (legal stuff) and so I don't know how to forward traffic that came via SP-A to SP-A, and traffic that came via SP-B to SP-B.

Any ideias on how to solve this one? I'm looking for a feature like mac-sticky but I can't find one. I also believe that CSS does not support PBR.

Thanks in advance,

Joao Carvalho

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to jcarvalh

‎06-24-2009 02:30 AM

actually, this is interface in the sense 'circuit vlan'.

Gilles.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎06-24-2009 01:04 AM

Joao,

what you need is just 2 default static routes.

The CSS will automatically send response back to the firewall that send the query.

This behavior could be changed with the 'ip ecmp' command

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/routing/guide/IP.html

G.

Go to solution
jcarvalh
Level 1
Level 1
In response to Gilles Dufour

‎06-24-2009 01:25 AM

Hello.

In the document that you refered, I can see that "This means that the preferred interface over which to reply to a client is the interface on which the CSS originally received the request from the client.".

By interface we can assume that we are talking of VLANs? They have only one interface connected in trunk mode. This means that all requests arrive to the same interface but on different VLANs.

Thanks,

Joao Carvalho

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to jcarvalh

‎06-24-2009 02:30 AM

actually, this is interface in the sense 'circuit vlan'.

Gilles.

0 Helpful

Go to solution
jcarvalh
Level 1
Level 1
In response to Gilles Dufour

‎06-24-2009 02:34 AM

Hello.

Thank you very much for your help.

Best regards,

Joao

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents