
default route per content

juergen.klaiber
Level 1

Hi,

is there a possibility to use different default routes depending on which content is used?

If a client addresses the content Serverfarm1, the packets back to the client should be routed to Firewall-X(10.160.1.200).

All other contents should use Firewall-Y(10.160.1.36) as default gateway

thanks

Juergen Klaiber

3 Replies

Gilles Dufour
Cisco Employee

Juergen,

the CSM will send the traffic back to where it came from. This is actually a good thing for your firewall because they would probably not accept asymmetric connections.

If you want connections opened by the servers to follow a different path, this is feasible.

Create a serverfarm with just one real for each firewall. Use 'no nat server' and the default predictor.

Create 2 vserver catch any 0.0.0.0/0 any and simply use vlan X and firewall1 for one vserver and vlan y and firewall2 for the other vserver.

Regards,

Gilles.

Gilles,

unfortunately we use a CSS - one-armed with trunk, and not a CSM.

It seems that the CSM behaves in another way than the CSS.

Cisco says:

"Unlike other devices, the CSM will not perform a route lookup, but it memorizes the source MAC address from where the first packet of the connection was received. Return traffic for that connection is sent back to the source MAC address."

Is there a possibility to make the CSS behave like the CSM?

Maybe a second interface to FW-2 could help?

Does the CSS memorize from which interface the session came?

Or is your suggestion usable for the CSS as well?

And how is the config for it?

Lots of questions....sorry

Regards,

Juergen.


Juergen,

the CSS should behave the same as the CSM and forward the server response back using the same client path.

However, you may require default routes pointing to both firewalls.

If 2 routes for a destination are possible, the CSS checks what path the client came in and it reuses the same path.

So, you need equal routes pointing to the 2 firewalls.

For server initiated traffic, there is a similar solution as the CSM one.

You will need to create a service for each firewall and then use an ACL with the 'prefer' option to select which firewall to use.

Gilles.
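
The return-path behaviour discussed in this thread, as a small added model that is not part of any post and is not Cisco code: it compares a load balancer that sends replies to a single default gateway with one that reuses the path the connection arrived on, and checks whether a stateful firewall on the return hop has state for the flow. The class names, client addresses and the "OtherContent" label are constructed; the ingress firewall address stands in for the memorized source MAC.

```python
# Added illustration: models the two return-path behaviours from the thread.
# Class names, client IPs and content labels are constructed for this sketch.
from dataclasses import dataclass, field

FW_X = "10.160.1.200"  # Firewall-X, address from the thread
FW_Y = "10.160.1.36"   # Firewall-Y, address from the thread

@dataclass
class StatefulFirewall:
    flows: set = field(default_factory=set)

    def client_to_vip(self, client, content):
        self.flows.add((client, content))        # first packet creates state

    def vip_to_client(self, client, content):
        return (client, content) in self.flows   # reply needs existing state

@dataclass
class LoadBalancer:
    default_gw: str
    remember_ingress: bool
    conns: dict = field(default_factory=dict)

    def accept(self, client, content, ingress_hop):
        # Stand-in for memorizing the source MAC of the connection's first packet.
        self.conns[(client, content)] = ingress_hop

    def return_hop(self, client, content):
        if self.remember_ingress:
            return self.conns[(client, content)]  # same path back
        return self.default_gw                    # plain route lookup

def simulate(remember_ingress):
    firewalls = {FW_X: StatefulFirewall(), FW_Y: StatefulFirewall()}
    lb = LoadBalancer(default_gw=FW_Y, remember_ingress=remember_ingress)
    inbound = [("198.51.100.7", "Serverfarm1", FW_X),
               ("198.51.100.8", "OtherContent", FW_Y)]
    result = {}
    for client, content, ingress in inbound:
        firewalls[ingress].client_to_vip(client, content)
        lb.accept(client, content, ingress)
        hop = lb.return_hop(client, content)
        result[content] = (hop, firewalls[hop].vip_to_client(client, content))
    return result

if __name__ == "__main__":
    print("memorized ingress:", simulate(True))
    print("single default route:", simulate(False))
```

With a single default route the Serverfarm1 reply leaves via Firewall-Y, which never saw the client's first packet and so has no state for it; with the ingress path memorized, both flows return through the firewall they entered.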
