
Interesting Scenario

corey.mckinney
Level 1

Okay, here's what I've got:

Firewall with 'inside' address 10.33.1.9

Router with 'fe0/1' address 10.33.1.1

Router with 'fe0/1' address 10.33.1.2

Now, this is what I'm trying to do:

Traffic from the 'DMZ' on the Firewall is going out to the .1 Router. Then, policy routing tells it to go to the .2 Router. That part is fine. Now, when the response comes back from the .2 Router, the routing table says send it to the .1 Router. The .1 Router has a route that says it needs to go to the Firewall. The problem is that it never gets to the Firewall. The .1 Router's log shows the traffic coming through, but the Firewall's log doesn't show that it receives it. The reason we don't have the .2 Router talk directly with the Firewall is because the .2 Router is owned by someone else, and we want all their traffic to go to the .1 Router, where we can control where it goes.

Any ideas on what is happening to the return traffic?

Thanks.

2 Replies

bhedlund
Level 4

Try this on the .1 router fe0/1 interface:

'no ip redirects'

Let me know if that works... I'll explain if it does.

Regards,

Brad

malikbhai
Level 1

You can define the local policy on router .1, which states that when anything matches with the traffic coming from router .2, set the next hop for that traffic to the firewall...