PIX OS7 - Policy Routing

Unanswered Question
Sep 24th, 2006

I have 2 ISPs terminating on 2 different routers with 2 links each (redundant). I have configured 2 HSRP groups for both ISPs. I want my PIX OS7 to be configured in a way that allows me to policy route traffic. I need to classify traffic in 2 groups: 1 will be routed to the ISP 1 HSRP virtual IP and the second group will be routed to the ISP 2 HSRP virtual IP.

Any notes, configuration guides will be appreciated.

m-haddad Mon, 09/25/2006 - 14:15

You can just set a default route to the VIP on the edge router. On the PIX you NAT to whatever IPs you want. Once the traffic reaches the edge router, you do PBR to route traffic from sources of ISP1 to the ISP1 link and traffic from sources of ISP2 to the ISP2 link.

Let me know if you need further clarification,
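
The approach described in the reply above, sketched as configuration. This is an added example, not posted by anyone in the thread. It assumes a single edge router that holds the HSRP VIP and can reach both ISP next hops; all addresses (documentation ranges), the ACL and route-map names and the interface name are constructed, and the ISP next hops are placeholders.

```cisco
! ---- PIX 7.x: classify inside hosts and translate each group differently ----
! Constructed: group 1 = 10.1.1.0/24, group 2 = 10.1.2.0/24
access-list GROUP1 extended permit ip 10.1.1.0 255.255.255.0 any
access-list GROUP2 extended permit ip 10.1.2.0 255.255.255.0 any
! Policy NAT: group 1 leaves with an ISP1 address, group 2 with an ISP2 address
nat (inside) 1 access-list GROUP1
global (outside) 1 198.51.100.10
nat (inside) 2 access-list GROUP2
global (outside) 2 203.0.113.10
! One default route, pointing at the HSRP VIP (constructed: 192.0.2.1)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

! ---- Edge router (IOS): PBR on the interface facing the PIX ----
! Match on the translated source address chosen by the PIX
access-list 101 permit ip host 198.51.100.10 any
access-list 102 permit ip host 203.0.113.10 any
route-map ISP-SELECT permit 10
 match ip address 101
 set ip next-hop <ISP1-next-hop>
route-map ISP-SELECT permit 20
 match ip address 102
 set ip next-hop <ISP2-next-hop>
! Packets matching neither entry fall through to the normal routing table
interface FastEthernet0/0
 ip policy route-map ISP-SELECT

! ---- Checks ----
! PIX:    show xlate               (confirm which global address each host received)
! Router: show route-map ISP-SELECT (policy-routing match counters per entry)
```
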


ali.qureshi Tue, 09/26/2006 - 04:01


Actually the problem is I have 2 HSRP groups, which means I have 2 VIPs. 1 VIP is active on 1 physical router and 1 VIP is active on the 2nd physical router. If I put a default route in the PIX to one VIP, that specific VIP will have to receive all the traffic and then re-route the traffic to the second VIP using a route-map. This solution is not feasible. Please correct me if I got you wrong.

m-haddad Tue, 09/26/2006 - 07:01

Now I understand your scenario. You have two ISPs, each ISP terminated to one router. I still don't know why you used two HSRP groups. Can you terminate both ISPs to each router?

If you can attach the config of both routers I will understand your scenario more and I will be more helpful. I have designed similar scenarios and am pretty sure this can be done in a nice way.


