Is there anyway one can assign the next hop address based on source IP?
What we have is two customers in a datacenter, we are trying to use two CSS's to load balance 4 firewalls. 2 firewalls for customer A and 2 for customer B. The problem is how to instruct outbound connections to use the appropriate set of firewalls? The clients source IP's are on seperate networks. It would be easy to do with route maps and policy routing on a router.
Thank you, I am familiar with those features. I was not able to find a way to apply those to routing. We spoke with Cisco, and they stated that in version 6.0 of WebNS there would be a feature called firewall grouping. But until then, there was not much we could do.
You could do a static route for a particular subnet and make it always use one particular firewall to work around this. It might be kind of ugly depending on how you break up the subnets, but you could do something like:
ip route 10.1.1.0 255.255.255.0 firewall 1
ip route 10.1.2.0 255.255.255.0 firewall 2
ip route 192.168.1.0 255.255.255.0 firewall 3
ip route 192.168.2.0 255.255.255.0 firewall 4
It wouldn't be as elegant as when the firewall groups feature is introduced, but it might serve as a hack for your needs until then. You should be able to set administrative distances and enter the routes in twice for redundancy.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...