02-08-2006 06:24 AM
Hi, Messrs!
Please look the file attached.
The return of packet from internet are going to R1, we need this return to R2, what could I do?
The firewall default gateway is CSS.
PBR (policy-based routing) could help-me?
Could you explain how PBR works? Or which CSS guide shows how this work?
And how to configure?
Or anyother idea?
Below the cfg of our CSS11500.
(Version: sg0740103)
----------------------
ip ecmp address
ip route 0.0.0.0 0.0.0.0 200.x.x.15 1
ip route 0.0.0.0 0.0.0.0 201.y.y.15 1
***
circuit VLAN12
redundancy
ip address 200.x.x.42 255.255.255.0
no redirects
circuit VLAN11
ip address 201.y.y.42 255.255.255.0
no redirects
***
service DNS-3
keepalive maxfailure 1
ip address 10.111.110.93
keepalive type script dns "10.111.110.93"
keepalive frequency 10
active
service DNS-4
keepalive maxfailure 1
ip address 10.111.110.94
keepalive type script dns "10.111.110.94"
keepalive frequency 10
active
***
owner DNS
content DNS
vip address 201.y.y.93
protocol udp
port 53
add service DNS-3
add service DNS-4
active
***
group DNS-3
vip address 201.y.y.93
add service DNS-3
add service DNS-4
active
***
thanks in advance,
02-08-2006 02:04 PM
what you need is an ACL using the "prefer" option.
basically, you need to identify the source and destination of the traffic with an ACL, then use the prefer option to forward this traffic to R2 or whatever gateway.
You will also need to define a service for the default gateway that you want to use.
something like this
service R2
type transparent
ip address x.x.x.x
active
!
acl 1
clause 10 permit ip 10.1.1.0/24 destination any prefer R2
clause 20 permit any any destination any
apply VLAN...
Regards,
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide