Forcing traffic to return back the way it came...

This is my dilemma. I have two sites in two different cities. One site is our primary data center, while the second site is our DR location. There may be some production servers at the DR location though. Now this is the stickler. We have a private frame network set up with some pseudo load balancing provided by our ISP. We have a set of FWSMs in our data center and no PIX devices at our DR site that are live. We want to bring them online and get them to permit/deny traffic from our customers as well as outside sources as needed. The thing is, if someone comes through our DR site via the PIX there and gets sent to a destination at our main data center, how can we assure that it will return back the path it originated from? Correct me if I am wrong, but in normal operation, if the traffic decides to return out a different path, wouldn't the PIX read that as a possible denial of service and kill the source?

Frequent Contributor

How would the user redirection from the DR site to the main data center occur? Would it be accomplished via an HTTP redirect? Or are you using non-web-based protocols too? What I am asking is: if the client gets redirected, is it aware of the redirection, and will it initiate a new connection to the other data center?

Do your servers perform any reverse-proxying functions? That is, the server at the DR site would issue the request on behalf of the user, so that a server in the main data center sees the DR server as the client, not the true end user.

You may need to perform destination NATing if reverse-proxying and/or HTTP redirects will not come into play. The PIX at the DR site would have to perform dest NAT on the clients, then when the main data center sees the client traffic, it would have to route it back to the DR PIX. This is accomplished via internal routing, so you would have to make some routing adjustments.

Also of importance is the load balancing that your ISP is performing. How is that accomplished?
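The asymmetric-return problem and the NAT-plus-routing approach discussed above can be modelled in a few lines. This is an added example, not part of the original thread and not Cisco configuration. It assumes the NAT at the DR firewall presents clients to the servers as an address from a pool that internal routing sends back to the DR firewall; all names and addresses are constructed.

```python
import ipaddress

class StatefulFirewall:
    """Toy stateful firewall: replies pass only if they match a tracked connection."""
    def __init__(self, name, nat_pool=None):
        self.name = name
        self.nat_pool = nat_pool   # address clients are translated to, or None
        self.conns = {}            # (address server sees, server) -> real client

    def inbound(self, client, server):
        """Client -> server: create state, optionally translate the client address."""
        seen_as = self.nat_pool or client
        self.conns[(seen_as, server)] = client
        return seen_as             # source address the server will reply to

    def outbound(self, server, dst):
        """Server -> client reply: returns the real client, or None if dropped."""
        return self.conns.get((dst, server))

def return_firewall(dst, routes, default):
    """Internal routing: longest-prefix match picks the exit firewall for a reply."""
    ip = ipaddress.ip_address(dst)
    best = max((n for n in routes if ip in n),
               key=lambda n: n.prefixlen, default=None)
    return routes[best] if best is not None else default

def simulate(use_nat):
    """Client enters via the DR firewall and reaches a main-site server."""
    dr = StatefulFirewall("DR-PIX", nat_pool="10.99.0.1" if use_nat else None)
    main = StatefulFirewall("MAIN-FWSM")
    # Constructed internal route: the NAT pool is reachable via the DR firewall.
    routes = {ipaddress.ip_network("10.99.0.0/24"): dr}
    client, server = "198.51.100.7", "10.1.1.20"   # constructed sample addresses
    seen_as = dr.inbound(client, server)
    exit_fw = return_firewall(seen_as, routes, default=main)
    return exit_fw.name, exit_fw.outbound(server, seen_as)

if __name__ == "__main__":
    print("no NAT :", simulate(use_nat=False))
    print("NAT    :", simulate(use_nat=True))
```

Without translation the reply follows the default route to the main-site firewall, which holds no state for the connection and drops it; with translation the reply is routed to the DR firewall, which matches its state and restores the real client address.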