Cisco Support Community

New Member

Policy routing

Hi, we have 2 firewalls on our internal network, each of them going out through different ISPs. Core network is dual 6509's with MSFS-2. We would like some of the servers to go out one of the firewalls and the majority of users to go out the other firewall/link. How can this be accomplished? Will policy routing work, or is there any other way to achieve this?

Thanks for any help you can provide.

4 REPLIES
Hall of Fame Super Bronze

Re: Policy routing

Based on your requirement, Policy Based Routing (PBR) seems to be a feasible solution.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch20/piconfig.htm#wp1001398

New Member

Re: Policy routing

Thanks for the link, I have a few questions though:

We have multiple VLANs on the inside (users, servers, etc). Everything gets routed by our MSFCs, which have a default route pointing to a Pix firewall. Once we add the second Pix with the 2nd Internet link, what VLAN interfaces do I apply the policy maps to in order for this to work?

For example, the firewalls are sitting on VLAN 1 and the servers are sitting on VLAN 20, users on VLAN 10, etc. I would want the default gateway for the users to be one Pix and for some of the servers the other Pix. At the same time, I don't want this policy to overwrite any static/dynamic routing existing on the MSFCs which would send traffic destined to other offices to a different router or VPN box.

Thanks!

Hall of Fame Super Bronze

Re: Policy routing

The policy route-map will be applied on the ingress VLAN interfaces, before any routing takes place.
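
The setup discussed in this thread, as an added IOS configuration sketch that is not part of any post above: selected servers on VLAN 20 are policy-routed to the second Pix, while traffic to internal and remote-office networks keeps following the routing table. All IP addresses, the ACL name and the route-map name are constructed placeholders, and the assumption is that internal and remote-office networks fall inside 10.0.0.0/8.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 1  (firewalls): first Pix 10.0.1.1, second Pix 10.0.1.2
!   VLAN 10 (users):     10.0.10.0/24
!   VLAN 20 (servers):   10.0.20.0/24
!
ip access-list extended PBR-SERVERS-TO-PIX-B
 ! Destinations inside the organisation are excluded from policy routing,
 ! so existing static/dynamic routes (other offices, VPN box) still apply.
 deny   ip any 10.0.0.0 0.255.255.255
 ! Only these servers are steered to the second firewall.
 permit ip host 10.0.20.11 any
 permit ip host 10.0.20.12 any
!
route-map SERVERS-VIA-PIX-B permit 10
 match ip address PBR-SERVERS-TO-PIX-B
 set ip next-hop 10.0.1.2
!
! Applied on the ingress interface of the traffic to be steered (servers).
! Packets that match no route-map entry are routed normally.
! With dual 6509s, repeat on every MSFC that can route for VLAN 20.
interface Vlan20
 ip policy route-map SERVERS-VIA-PIX-B
!
! Users on VLAN 10 need no policy: they keep using the existing default
! route toward the first Pix.
ip route 0.0.0.0 0.0.0.0 10.0.1.1
```

`show ip policy` lists the interfaces with a policy attached, and `show route-map SERVERS-VIA-PIX-B` shows the match counters, which confirms that only the intended server traffic is being redirected.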

