busterswt Wed, 12/16/2009 - 19:55

I do not believe it is possible. However, you can use ACLs within source groups to possibly accomplish the same end result. If you can describe your scenario there may be a way to do it.


henry.saravia Thu, 12/17/2009 - 05:54

I have 4 vlan configured in the CSS, two for server conections (vlan A and B) and 2 for output conection (vlan C and D) across a firewall. I want to vlan A go across interface vlan C and traffic for vlan B across vlan D.

Gilles Dufour Thu, 12/17/2009 - 02:24

There is no route-map as such.

But as suggested, you can create an ACL to redirect traffic to a specific gateway.

CSS11503-2(config-acl[8])# clause 10 permit udp any destination any prefer ?

This will let you select a specific service.

You can then configure a transparent service for your gateway, and use it in the ACL above to forward traffic transparently to that gateway.


henry.saravia Thu, 12/17/2009 - 06:46

Do you have a example of how configuring the transparent service for a gateway?

Gilles Dufour Thu, 12/17/2009 - 08:32

CSS11503-2# conf t
CSS11503-2(config)# service gateway
CSS11503-2(config-service[gateway])# ip add
CSS11503-2(config-service[gateway])# type transparent-cache
CSS11503-2(config-service[gateway])# active

henry.saravia Thu, 12/17/2009 - 09:41

The address is IP of the gateway?, do you have a

drawing for this configuration?
busterswt Mon, 12/21/2009 - 18:34 would be the next hop, ie. the IP of the other firewall interface. I have attached a sample CSS config that should accomplish what you need to do based on the previous comments here. I've never done it, so I hope it works.

Let me know!



This Discussion