Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX OS7 - Policy Routing

I have 2 ISPs terminating on 2 different routers with 2 links each (redundant). I have configured 2 HSRP groups for both ISPs. I want my PIX OS7 to be configured in a way that allow me to policy route traffic. I need to classify traffic in 2 groups, 1 will be routed to ISP 1 HSRP virtual IP and second group will be routed to ISP 2 HSRP virtual IP.

Any notes, configuration guides will be appreciated.


Re: PIX OS7 - Policy Routing

You can just set a default route to the VIP on the edge router. On the PIX you NAT to what ever IPs you want. Once the traffic reaches the Edge router, you do PBR to route traffic from sources of ISP1 to ISP1 Link and traffic from sources of ISP2 to ISP2 link.

Let me know if you need further clarification,


New Member

Re: PIX OS7 - Policy Routing


Actually the problem is I have 2 HSRP Groups, that means I have 2 VIPs. 1 VIP is active on 1 physical router and 1 VIP is active on 2nd physical router. If I put a default route in the PIX to one VIP, that specific VIP will have to receive all the traffic and then to re-route the traffic to second VIP using route-map. This solution is not feasible. Please correct me if I got you wrong.


Re: PIX OS7 - Policy Routing

Now I understand your scenario. You have two ISPs each ISP terminated to one router. I still don't know why did you use two HSRP groups? Can you terminate both ISPs to the each router?

If you can attach the config of both routers I will understand your scenario more and I wil be more helpful. I have designed similar scenarios and pretty sure this can be done in a nice way.


CreatePlease to create content