06-23-2009 11:05 AM
Hello.
My client has a regular implementation of a CSS in router mode.
He now wants to create an additional logical structure with an additional gateway to the internet. He has 2 firewalls (one for ServiceProvider-A and one for SP-B).
My problem is that I cannot make NAT to source addresses (legal stuff) and so I don't know how to forward traffic that came via SP-A to SP-A, and traffic that came via SP-B to SP-B.
Any ideas on how to solve this one? I'm looking for a feature like mac-sticky but I can't find one. I also believe that CSS does not support PBR.
Thanks in advance,
Joao Carvalho
06-24-2009 01:04 AM
Joao,
What you need is just 2 default static routes.
The CSS will automatically send the response back to the firewall that sent the query.
This behavior could be changed with the 'ip ecmp' command.
G.
06-24-2009 01:25 AM
Hello.
In the document that you referred to, I can see that "This means that the preferred interface over which to reply to a client is the interface on which the CSS originally received the request from the client."
By interface we can assume that we are talking of VLANs? They have only one interface connected in trunk mode. This means that all requests arrive to the same interface but on different VLANs.
Thanks,
Joao Carvalho
06-24-2009 02:30 AM
Actually, this is interface in the sense 'circuit vlan'.
Gilles.
06-24-2009 02:34 AM
Hello.
Thank you very much for your help.
Best regards,
Joao