Cisco Support Community
Community Member

Asymmetric Routing with PIX

I am connecting two VLANs together, for two different companies, and am coming up with some complications.

As seen in the Visio, the one site has a PIX as the default GW for the network, which I believe to be the main problem. As I remember from previous experience, the PIX 6.3 seems to have problems with Asymm routing.

I have tried solving this problem by using PBR to force the next hop to the PIX rather than the MSFC2, but haven't had any luck.

Any suggestions here? I have total control over everything but the PIX that is pictured, and also cannot change the default gw of the clients in VL100.

4 REPLIES

Re: Asymmetric Routing with PIX

Hi,

PIX does not route traffic out the same interface on which the traffic was received. It doesn't issue ICMP redirects to the clients either.

I can think of three solutions to the problem. Two of the three solutions would involve some configuration change on the PIX or changing the default gw of clients. Since you stated you have no control over the PIX and you can't change the default gw of VL100 clients, that would leave you with the one option (at least, that's what comes to my mind now), that is, configure a static route on VL100 hosts to forward VL18 traffic to the 192.168.10.2 (192.168.10.0 --> 192.168.10.2). Of course, the default gw would remain the same on the hosts.

Hope that helps!

Regards,

Sundar

Community Member

Re: Asymmetric Routing with PIX

Sundar,

Thanks for your response.

I had thought of that, but I neglected to say that the users' workstations were outside of my control as well. Ideally, in the future, I'll get the vl100 side to put in a router, and have better results.

For now, what I have come up with is NAT on the 6500, which is far from the solution that I desired, but it works.

Thanks again.

Re: Asymmetric Routing with PIX

Hi,

Glad to hear it works!! Oops, I forgot to mention the NAT solution and it sure should work.

If possible, my suggestion would be to change the default gw of the VL100 clients to 192.168.10.2 (MSFC) and the MSFC can then route all non-local traffic to the PIX.

Regards,

Sundar

Community Member

Re: Asymmetric Routing with PIX

Sundar,

I wish that making the MSFC the GW was an option, but it's owned by another company, and it's not going to change.

Thanks again.
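
The return-path behaviour discussed in this thread, modelled as an added example that is not part of any poster's reply: it traces a VL100 host's reply under the original setup, the host static route, and NAT on the 6500. Only 192.168.10.2 (MSFC) comes from the thread; the /24 mask, the VL18 subnet, the PIX, host and NAT addresses, and the assumption that the 6500 answers ARP for its NAT address are constructed for illustration.

```python
import ipaddress as ip

VL100 = ip.ip_network("192.168.10.0/24")   # assumed mask for the VL100 segment
VL18 = ip.ip_network("10.18.0.0/24")       # constructed: the thread gives no VL18 subnet
PIX = ip.ip_address("192.168.10.1")        # constructed PIX inside address
MSFC = ip.ip_address("192.168.10.2")       # MSFC address on VL100, from the thread
NAT_SRC = ip.ip_address("192.168.10.200")  # constructed NAT address owned by the 6500
CLIENT18 = ip.ip_address("10.18.0.7")      # constructed VL18 client

# Host routing tables: (prefix, next hop); a next hop of None means on-link.
DEFAULT_ONLY = [(VL100, None), (ip.ip_network("0.0.0.0/0"), PIX)]
WITH_STATIC = DEFAULT_ONLY + [(VL18, MSFC)]


def next_hop(routes, dst):
    """Longest-prefix match over the host's routing table."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(host_routes, reply_dst):
    """Trace a VL100 host's reply to reply_dst; return (path, delivered)."""
    gw = next_hop(host_routes, reply_dst)
    if gw is None:
        # On-link: the host ARPs for the address directly (assumed: the 6500
        # answers ARP for its NAT address as well as its own).
        owner = "msfc" if reply_dst in (MSFC, NAT_SRC) else "peer"
        return ["host", owner], True
    if gw == MSFC:
        return ["host", "msfc"], True
    # Next hop is the PIX. Reaching VL18 would mean sending the packet back out
    # the interface it arrived on, which the PIX does not do, and it sends no
    # ICMP redirect, so the host never learns the better path.
    if reply_dst in VL18:
        return ["host", "pix"], False
    return ["host", "pix", "outside"], True


def scenarios():
    """Reply delivery for the three setups discussed in the thread."""
    return {
        "as_described": reply_path(DEFAULT_ONLY, CLIENT18),
        "host_static_route": reply_path(WITH_STATIC, CLIENT18),
        "nat_on_6500": reply_path(DEFAULT_ONLY, NAT_SRC),
    }


if __name__ == "__main__":
    for name, (path, ok) in scenarios().items():
        print(f"{name:18} {' -> '.join(path):16} delivered={ok}")
```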
