Equivalence of route-maps on CSS's???
03-05-2002 03:04 PM
Is there any way one can assign the next hop address based on source IP?
What we have is two customers in a datacenter, we are trying to use two CSSs to load balance 4 firewalls. 2 firewalls for customer A and 2 for customer B. The problem is how to instruct outbound connections to use the appropriate set of firewalls? The clients' source IPs are on separate networks. It would be easy to do with route maps and policy routing on a router.
In need of something fast!!!
Thanks,
Clayton
03-06-2002 11:52 PM
Have you seen the NQL & ACL command in CSS?
Perhaps it should help you.
Regards
03-07-2002 08:40 PM
Thank you, I am familiar with those features. I was not able to find a way to apply those to routing. We spoke with Cisco, and they stated that in version 6.0 of WebNS there would be a feature called firewall grouping. But until then, there was not much we could do.
03-11-2002 09:59 AM
Clayton,
You could do a static route for a particular subnet and make it always use one particular firewall to work around this. It might be kind of ugly depending on how you break up the subnets, but you could do something like:
ip route 10.1.1.0 255.255.255.0 firewall 1
ip route 10.1.2.0 255.255.255.0 firewall 2
ip route 192.168.1.0 255.255.255.0 firewall 3
ip route 192.168.2.0 255.255.255.0 firewall 4
It wouldn't be as elegant as when the firewall groups feature is introduced, but it might serve as a hack for your needs until then. You should be able to set administrative distances and enter the routes in twice for redundancy.
Hope this helps.
Cheers,
Perry.
03-26-2002 09:34 PM
Hello Perry,
Thanks for your response. That would work great for incoming traffic.
My problem lies with communications initiated from hosts behind the firewalls and backend CSS's. How can I make their traffic go out the proper firewall?
Thanks,
Clayton
03-26-2002 09:36 PM
Our Cisco Rep informed us of the firewall group feature. Any idea when this will be available?
Thanks,
Clayton
