
routing issues with CSS 11100

mbell
Level 1

I have a client with a CSS 11151 content switch. In front of the CSS (the "outside" interface), the client has a PIX and a 3060 VPN concentrator. Some of the traffic comes in from the 3060 and some from the PIX, hence the reply traffic needs to go through two different gateways depending on where it came from. Up to this point, they put a 7120 router on the segment (its only connection) for the sole purpose of sending ICMP redirects to the CSS. The 7120 is the default gateway for the CSS. Obviously, this is not the greatest arrangement and has been made worse since they are experiencing significant performance issues when traffic begins to exceed about 4.5Mbps through the CSS.

The client says they tried to configure a default route to the PIX and another static route to the 3060 but then *all* of their traffic began following the route to the 3060. To further complicate the issue, they are running redundant SCAs. Their current routing configuration is this:

ip route 0.0.0.0 0.0.0.0 1.1.1.1 1

ip route 0.0.0.0 0.0.0.0 192.168.102.5 1

ip route 0.0.0.0 0.0.0.0 192.168.102.6 1

ip route 192.168.100.0 255.255.255.0 1.1.1.1 1

ip route 10.0.0.55 255.255.255.255 1.1.1.1 1

192.168.102.5 and .6 are the two SCAs. 1.1.1.1 is the 7120. 1.1.1.2 is the PIX and 1.1.1.3 is the 3060.

Logically, it seems that I could add a route to 10.7.0.0/16 via 1.1.1.3, 192.168.102.5, and 192.168.102.6. I would think this would allow the CSS to send the traffic through the appropriate gateway instead of having to use the 7120 for ICMP redirects.

Since this is such a strange CSS deployment, I have not been able to find anything on CCO that I could use as a reference configuration. But, according to the documentation, it seems that the "ip route" statement in the CSS works just like it would in any other device so I do not understand why the client would have had problems.

Can anybody help with this?

1 Reply

Gilles Dufour
Cisco Employee

When more than 1 route exists for the same destination, the CSS prefers the one that was used for incoming traffic by default.

So the solution would be to use static for the PIX and 3060.

If you start configuring more specific routes, you will need to configure the same route pointing to the SCA.

This is to make sure that the CSS knows when to send the traffic to the SCA and when to send it outside.

A static route on the CSS works the same as with IOS devices. There is just the ECMP feature that lets the CSS choose between 2 or more equal routes based on incoming traffic.

Gilles.
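The route selection described in the reply above, as an added Python model that is not part of the original thread and is not Cisco code: longest-prefix match first, then a preference for the gateway the flow arrived on among equal routes. The function names, the client address 10.7.1.20 and the first-candidate fallback are assumptions made for the illustration.

```python
import ipaddress

# Addresses from the thread: PIX, 3060 VPN concentrator, and the two SCAs.
PIX, VPN, SCA1, SCA2 = "1.1.1.2", "1.1.1.3", "192.168.102.5", "192.168.102.6"
CLIENT = "10.7.1.20"  # constructed host inside 10.7.0.0/16

def build(routes):
    """Turn (prefix, next_hop) pairs into (network, address) tuples."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(h)) for p, h in routes]

def candidates(table, dst):
    """Longest-prefix match: next hops of the most specific matching prefix."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    if not hits:
        return []
    best = max(net.prefixlen for net, _ in hits)
    return [hop for net, hop in hits if net.prefixlen == best]

def next_hop(table, dst, ingress_gw):
    """Pick the reply path: among equal routes prefer the ingress gateway."""
    hops = candidates(table, dst)
    gw = ipaddress.ip_address(ingress_gw)
    if gw in hops:
        return str(gw)
    # Assumed fallback (first candidate); the real tie-break is not modelled.
    return str(hops[0]) if hops else None

DEFAULTS = [("0.0.0.0/0", h) for h in (PIX, VPN, SCA1, SCA2)]
# Equal default routes only: the reply follows the gateway the flow came in on.
EQUAL = build(DEFAULTS)
# A more specific route to the 3060 with no SCA counterpart.
SPECIFIC_ONLY_VPN = build(DEFAULTS + [("10.7.0.0/16", VPN)])
# The same specific route repeated for both SCAs, as the reply advises.
SPECIFIC_WITH_SCA = build(DEFAULTS + [("10.7.0.0/16", h) for h in (VPN, SCA1, SCA2)])

if __name__ == "__main__":
    for name, table in [("equal", EQUAL), ("specific, 3060 only", SPECIFIC_ONLY_VPN),
                        ("specific, 3060 + SCAs", SPECIFIC_WITH_SCA)]:
        for ingress in (VPN, SCA1):
            print(f"{name:22} ingress {ingress:14} -> {next_hop(table, CLIENT, ingress)}")
```

With only the 3060 holding the 10.7.0.0/16 route, a flow that arrived from an SCA is sent to 1.1.1.3 because the SCA default routes lose the longest-prefix comparison before the ingress preference is ever considered.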
