Cisco Support Community
New Member

default route per content


Is there a possibility to use different default routes depending on which content is used?

If a client addresses the content Serverfarm1, the packets back to the client should be routed to Firewall-X(

All other contents should use Firewall-Y( as default gateway


Juergen Klaiber

Cisco Employee

Re: default route per content


The CSM will send the traffic back to where it came from. This is actually a good thing for your firewall because they would probably not accept asymmetric connections.

If you want connections opened by the servers to follow a different path, this is feasible.

Create a serverfarm with just one real for each firewall. Use 'no nat server' and the default predictor.

Create 2 vservers that catch any any, and simply use vlan X and firewall1 for one vserver and vlan Y and firewall2 for the other vserver.
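
The CSM layout described in the reply above, written out as an added example; it is not configuration posted by anyone in this thread. The module slot, the names, VLAN 10 and VLAN 20 (standing in for the two VLANs in the reply) and the firewall addresses are constructed placeholders.

```cisco
! Added example: slot number, names, VLAN IDs and addresses are constructed.
module ContentSwitchingModule 4
 !
 ! One serverfarm per firewall, each with a single real (the firewall itself).
 ! 'no nat server' leaves the destination IP untouched, so the packet is only
 ! forwarded to the firewall. No predictor line: the default predictor is used.
 serverfarm FW-X
  no nat server
  real 10.0.1.1
   inservice
 !
 serverfarm FW-Y
  no nat server
  real 10.0.2.1
   inservice
 !
 ! Catch-all vserver for connections opened from VLAN 10: send to Firewall-X.
 vserver OUT-VIA-FW-X
  virtual 0.0.0.0 0.0.0.0 any
  vlan 10
  serverfarm FW-X
  inservice
 !
 ! Catch-all vserver for connections opened from VLAN 20: send to Firewall-Y.
 vserver OUT-VIA-FW-Y
  virtual 0.0.0.0 0.0.0.0 any
  vlan 20
  serverfarm FW-Y
  inservice
```

This only steers connections opened by the servers; replies to client connections still go back the way the client came in, which keeps each flow on a single firewall.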



New Member

Re: default route per content


Unfortunately we use a CSS - one-armed with trunk, and not a CSM.

It seems that the CSM behaves in another way than the CSS.

Cisco says:

"Unlike other devices, the CSM will not perform a route lookup, but it memorizes the source MAC address from where the first packet of the connection was received. Return traffic for that connection is sent back to the source MAC address."

Is there a possibility to make the CSS behave like the CSM?

Maybe a second interface to FW-2 could help?

Does the CSS memorize from which interface the session came?

Or is your suggestion usable for the CSS as well?

And how is the config for it?

Lots of questions....sorry




Cisco Employee

Re: default route per content


The CSS should behave the same as the CSM and forward server responses back using the same client path.

However, you may require default routes pointing to both firewalls.

If 2 routes for a destination are possible, the CSS checks what path the client came in and it reuses the same path.

So, you need equal routes pointing to the 2 firewalls.

For server initiated traffic, there is a similar solution as the CSM one.

You will need to create a service for the firewall and then use an ACL with the 'prefer' option to select which firewall to use.

