Re: two default routes

erickflamenco · ‎07-10-2006

Hi,

I have two content switches sharing a VIP between others, some of the vips 10.10.3.0 must have a default route to 10.10.3.1 to the Internet, while other VIPs serve as VIP for service request coming from the internet to 10.10.1.0 VIPs, but I need to give a response to internet addresses requesting 10.10.1.0 service through a 10.10.1.1 gateway, If I define two default routes I fall in problems, so, I must have just one default route through 10.10.3.1, question, How can I do to send back responses, coming from internet addresses through 10.10.1.1 to be returned back through this gateway and not through 10.10.3.1?

Internet?pix10.10.1.1---vips10.10.1.0---|--3.5--|CSS1|--------|server-1

|--1.5..| | |server-2

| | |?

Internet---pix10.10.3.1---vips10.10.3.0---|---3.6-|CSS2|--------|server-n

|---1.6-|

Thanks in advance,

Erick Flamenco

skumar1969 · ‎07-11-2006

Erick,

I would recommend use a default-gateway to reach Internet and put a static entry to reach the 10.10.3.0 network. Adding dual DG doesn't make any sense to me.

After adding rotues, try 'show ip route' on the CSS and it verify entries in the ip route table, just like router.

thanks

Gilles Dufour · ‎07-16-2006

one solution in the past was to do source nating on the firewall with different natpool.

This would guarantee that traffic coming in through firewall1 would go out back through firewall1.

The disadvantage is that the server loses information about the client ip and the CSS can't do sticky based on source ip anymore.

However, I think the 2 DG solution should work.

Did you try to troubleshoot to see what was going on with 2 DG ?

Gilles.