Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
3
Replies

Routing problem in PIX515

jsanjuan
Level 1
Level 1

‎08-13-2003 07:16 AM - edited ‎03-09-2019 04:25 AM

Hi,

I have some trouble in the perimetral network. We have installed a Cisco PIX515 with three interfaces. The interface outside is connected to a lan where there are two Internet routers (2621, 2621XM), each of them with its functionality (they are not doing backup)

I would like to route packets in the PIX to one or another access router depending on the application that generates the traffic (looking the source ip address). Something like using policy routing in cisco IOS, but I have seen that policy routing isn´t possible in pix.

Could you suggest any alternate method to route packets to different access routers?

Thanks a lot,

Nuria

Labels:
0 Helpful
3 Replies 3

thisisshanky
Level 11
Level 11

‎08-13-2003 08:39 AM

Only other way,I can think of, is to put a router in front of the pix, which can do the policy routing. Or else you should be looking for boxes like BIG IP from F5 networks, which can do application based Load balancing.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

salleek
Level 1
Level 1

‎08-13-2003 11:37 AM

Can you do this with routing from the external routers? If so a few methods come to mind ( not in order of what I'd do ;):

1.) If application A is only accessible via 2621-A, then run RIP and advertise it to the PIX. You can enable RIP on the outside interface of the PIX and you can use RIP authentication to secure it. So now the PIX has a route for destination A for application A via router A. This assumes that that is always true ( not a possiblity of a route to Application A via router B ).

2.) Another way to solve this problem: run HSRP on the 2621s inside interfaces. Connect the 2621's together with a cross over and share routing information that way with eigrp or whatever. Have static routes for the destination networks of whatever applications on both routers redistributed into eigrp. Now PIX sends packets to 2621-A (HSRP master) for everything, 2621-A routes to destination B via router B. This assumes you can actually route by destination. This is the method I would do if this is possible.

And finally, if you must: cross over again between 2621's, default route the PIX to one of them, and do PBR on the the same router.

Kenny

0 Helpful

salamh
Level 1
Level 1

‎08-15-2003 04:02 AM

hi

you can put a router between the outside interface of pix and your lan and using policy routing.

the second choice if you are runnung pix 6.3 software you can use the command route map with ospf.

regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents