09-28-2004 11:41 AM
Hi, folks!!
We have two routers, each with one interface connected to the internet and another interface connected to a network where the CSS is. (After the CSS we have the servers.)
If we set IP source route only on the CSS, will the return packets to the internet be delivered correctly or not?
Thanks in advance.
09-29-2004 04:46 AM
Hi,
If your servers are not directly connected to the CSS, you can define a group and use the "add destination service" command. This makes the return traffic (from the servers to the internet) go through the CSS again.
Check the example below:
09-29-2004 05:48 AM
Thanks, but... the problem is, look below:
             internet
     ~~~~~~~~~~~~~~~~~~~~~~~~
     /                       \
    |                         |
  +----+                    +----+
  | R1 | Ip source route    | R2 | Ip source route
  +----+ (disable)          +----+ route(disable)
    | 1                       |2
----+------+ +----------------+-------
 202.X.X.Y | | 201.W.W.Z
         +-----+
         | CSS | Ip source route (enable)
         +-----+
            |1
         ---+---+------+-- 10.10.40.0
                |2     |3
              +----+ +----+
              | S1 | | S2 |
              |    | |    |
              +----+ +----+
I have two routers connected to the CSS on different VLANs; those routers are connected to the internet by distinct ISPs. So, if the traffic is coming from ISP1, it must return by ISP1. If the traffic is coming from ISP2, it should not return by ISP1.
I would like to know whether the traffic that is returning to the internet, or the traffic that is outgoing from the CSS to the internet, will be sent to the correct router connected to the internet, using ip source route?
Or does another way exist to control the return traffic for this layout?
Thanks in advance,
09-29-2004 06:05 AM
Can you add your drawing as an attachment? It looks very busy on this page.
09-29-2004 06:14 AM
09-29-2004 07:22 AM
I think you do not need source route.
If you mean that traffic is coming from ISP1 itself, then you can write a static route on the CSS that covers the ISP's IP segment with a next hop of R1.
Or, if you mean that traffic is coming from anywhere on the internet via ISP1, then it doesn't matter whether the return traffic goes out via ISP1 or ISP2, because both are connected to the internet, right?
In both cases, the CSS doesn't NAT the source address of the incoming request; it only NATs the VIP address to the server address.
Or am I missing something?
09-29-2004 09:06 AM
Nihal,
OK! That's all right!
No, you don't!
But I'm searching for a solution where the traffic from the internet returns the same way that it came.
(I'm asking in this forum because my CSS is in front of the firewall and I thought that the CSS could help me in this situation.)
Thanks,