Doubt about packet return?

conectividade · ‎02-08-2006

Hi, Messrs!

Please look the file attached.

The return of packet from internet are going to R1, we need this return to R2, what could I do?

The firewall default gateway is CSS.

PBR (policy-based routing) could help-me?

Could you explain how PBR works? Or which CSS guide shows how this work?

And how to configure?

Or anyother idea?

Below the cfg of our CSS11500.

(Version: sg0740103)

----------------------

ip ecmp address

ip route 0.0.0.0 0.0.0.0 200.x.x.15 1

ip route 0.0.0.0 0.0.0.0 201.y.y.15 1

***

circuit VLAN12

redundancy

ip address 200.x.x.42 255.255.255.0

no redirects

circuit VLAN11

ip address 201.y.y.42 255.255.255.0

no redirects

***

service DNS-3

keepalive maxfailure 1

ip address 10.111.110.93

keepalive type script dns "10.111.110.93"

keepalive frequency 10

active

service DNS-4

keepalive maxfailure 1

ip address 10.111.110.94

keepalive type script dns "10.111.110.94"

keepalive frequency 10

active

***

owner DNS

content DNS

vip address 201.y.y.93

protocol udp

port 53

add service DNS-3

add service DNS-4

active

***

group DNS-3

vip address 201.y.y.93

add service DNS-3

add service DNS-4

active

***

thanks in advance,

Gilles Dufour · ‎02-08-2006

what you need is an ACL using the "prefer" option.

basically, you need to identify the source and destination of the traffic with an ACL, then use the prefer option to forward this traffic to R2 or whatever gateway.

You will also need to define a service for the default gateway that you want to use.

something like this

service R2

type transparent

ip address x.x.x.x

active

!

acl 1

clause 10 permit ip 10.1.1.0/24 destination any prefer R2

clause 20 permit any any destination any

apply VLAN...

Regards,

Gilles.