Cisco Support Community
New Member

Equivalence of route-maps on CSS's???

Is there any way one can assign the next hop address based on source IP?

What we have is two customers in a datacenter, we are trying to use two CSS's to load balance 4 firewalls. 2 firewalls for customer A and 2 for customer B. The problem is how to instruct outbound connections to use the appropriate set of firewalls? The clients' source IPs are on separate networks. It would be easy to do with route maps and policy routing on a router.

In need of something fast!!!

Thanks,

Clayton

5 REPLIES
New Member

Re: Equivalence of route-maps on CSS's???

Have you seen the NQL & ACL command in CSS?

Perhaps it should help you..

Regards

New Member

Re: Equivalence of route-maps on CSS's???

Thank you, I am familiar with those features. I was not able to find a way to apply those to routing. We spoke with Cisco, and they stated that in version 6.0 of WebNS there would be a feature called firewall grouping. But until then, there was not much we could do.

New Member

Re: Equivalence of route-maps on CSS's???

Clayton,

You could do a static route for a particular subnet and make it always use one particular firewall to work around this. It might be kind of ugly depending on how you break up the subnets, but you could do something like:

ip route 10.1.1.0 255.255.255.0 firewall 1

ip route 10.1.2.0 255.255.255.0 firewall 2

ip route 192.168.1.0 255.255.255.0 firewall 3

ip route 192.168.2.0 255.255.255.0 firewall 4

It wouldn't be as elegant as when the firewall groups feature is introduced, but it might serve as a hack for your needs until then. You should be able to set administrative distances and enter the routes in twice for redundancy.

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_500/advcfggd/firewall.htm#xtocid190904

Hope this helps.

Cheers,

Perry.

New Member

Re: Equivalence of route-maps on CSS's???

Hello Perry,

Thanks for your response. That would work great for incoming traffic.

My problem lies with communications initiated from hosts behind the firewalls and backend CSS's. How can I make their traffic go out the proper firewall?

Thanks,

Clayton

New Member

Re: Equivalence of route-maps on CSS's???

Our Cisco Rep informed us of the firewall group feature. Any idea when this will be available?

Thanks,

Clayton
