I have some trouble in the perimeter network. We have installed a Cisco PIX515 with three interfaces. The outside interface is connected to a LAN where there are two Internet routers (2621, 2621XM), each of them with its own functionality (they are not doing backup).
I would like to route packets in the PIX to one or the other access router depending on the application that generates the traffic (looking at the source IP address). Something like using policy routing in Cisco IOS, but I have seen that policy routing isn't possible in the PIX.
Could you suggest any alternate method to route packets to different access routers?
The only other way I can think of is to put a router in front of the PIX, which can do the policy routing. Or else you should be looking for boxes like BIG-IP from F5 Networks, which can do application-based load balancing.
Can you do this with routing from the external routers? If so, a few methods come to mind (not in order of what I'd do ;):
1.) If application A is only accessible via 2621-A, then run RIP and advertise it to the PIX. You can enable RIP on the outside interface of the PIX and you can use RIP authentication to secure it. So now the PIX has a route for destination A for application A via router A. This assumes that that is always true (not a possibility of a route to application A via router B).
2.) Another way to solve this problem: run HSRP on the 2621s' inside interfaces. Connect the 2621s together with a crossover and share routing information that way with EIGRP or whatever. Have static routes for the destination networks of whatever applications on both routers redistributed into EIGRP. Now the PIX sends packets to 2621-A (HSRP master) for everything, and 2621-A routes to destination B via router B. This assumes you can actually route by destination. This is the method I would do if this is possible.
And finally, if you must: crossover again between the 2621s, default route the PIX to one of them, and do PBR on the same router.
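The last option in the answer above (default route on the PIX, PBR on one 2621), sketched as an added example that is not from the thread. All addresses, interface names and the route-map name are constructed, and the ACL matches post-NAT source addresses on the assumption that the PIX translates inside hosts before the router sees them.

```cisco
! --- On the PIX (constructed addressing: outside LAN 192.0.2.0/24) ---
! Everything leaves via 2621-A; the PIX itself makes no per-source decision.
! route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
!
! --- On 2621-A (192.0.2.1), the router the PIX defaults to ---
! Assumption: the PIX translates the application B hosts to a dedicated
! global range, 192.0.2.32/28. Match on what the router actually sees
! (the translated source), not on the inside addresses behind the PIX.
access-list 110 remark Post-NAT sources that must leave via 2621-B
access-list 110 permit ip 192.0.2.32 0.0.0.15 any
!
route-map APP-B-VIA-2621B permit 10
 match ip address 110
 ! Next hop is 2621-B's end of the crossover link (constructed /30).
 set ip next-hop 10.255.0.2
!
! Packets that match no route-map entry fall through to the normal
! routing table, so all other traffic keeps using 2621-A's own uplink.
!
interface FastEthernet0/0
 description LAN shared with PIX outside interface
 ip address 192.0.2.1 255.255.255.0
 ! PBR is applied inbound on the interface where the traffic arrives.
 ip policy route-map APP-B-VIA-2621B
!
interface FastEthernet0/1
 description Crossover to 2621-B
 ip address 10.255.0.1 255.255.255.252
!
! --- Verification on 2621-A ---
! show ip policy      (confirms the route-map is bound to Fa0/0)
! show route-map      (match counters should rise for application B traffic)
```

If 10.255.0.2 becomes unreachable while the crossover interface stays up, matched traffic is dropped rather than rerouted, so monitor that link. Any filtering on the two routers' uplinks has to account for the path each translated range now takes.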