08-13-2003 07:16 AM - edited 03-09-2019 04:25 AM
Hi,
I have some trouble in the perimeter network. We have installed a Cisco PIX515 with three interfaces. The outside interface is connected to a LAN where there are two Internet routers (2621, 2621XM), each of them with its own functionality (they are not doing backup).
I would like to route packets in the PIX to one or another access router depending on the application that generates the traffic (looking at the source IP address). Something like using policy routing in Cisco IOS, but I have seen that policy routing isn't possible in PIX.
Could you suggest any alternate method to route packets to different access routers?
Thanks a lot,
Nuria
08-13-2003 08:39 AM
The only other way I can think of is to put a router in front of the PIX, which can do the policy routing. Or else you should be looking for boxes like BIG-IP from F5 Networks, which can do application-based load balancing.
08-13-2003 11:37 AM
Can you do this with routing from the external routers? If so, a few methods come to mind (not in order of what I'd do ;):
1.) If application A is only accessible via 2621-A, then run RIP and advertise it to the PIX. You can enable RIP on the outside interface of the PIX and you can use RIP authentication to secure it. So now the PIX has a route for destination A for application A via router A. This assumes that that is always true (not a possibility of a route to application A via router B).
2.) Another way to solve this problem: run HSRP on the 2621s' inside interfaces. Connect the 2621s together with a crossover and share routing information that way with EIGRP or whatever. Have static routes for the destination networks of whatever applications on both routers redistributed into EIGRP. Now the PIX sends packets to 2621-A (HSRP master) for everything, and 2621-A routes to destination B via router B. This assumes you can actually route by destination. This is the method I would do if this is possible.
And finally, if you must: crossover again between the 2621s, default route the PIX to one of them, and do PBR on the same router.
Kenny
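The last option in the reply above (default route from the PIX to one 2621, PBR on that router, crossover to the other) could look like the following on 2621-A. This is an added example, not configuration posted in the thread; all addresses, the ACL number, the route-map name and the interface assignments are constructed assumptions.

```cisco
! Constructed addressing (documentation ranges), not taken from the thread:
!   192.0.2.0/24     LAN shared by the PIX outside interface and both 2621s
!   192.0.2.16/28    assumed PIX global (translated) pool for the application
!                    that must leave via 2621-B
!   198.51.100.0/30  crossover link: 2621-A = .1, 2621-B = .2
!
! Assumption: the PIX default route points at 2621-A (192.0.2.1).
!
! The router sees source addresses after PIX translation, so the ACL
! matches the translated addresses, not the inside hosts. Each application
! therefore needs its own translated range on the PIX to be distinguishable.
access-list 110 permit ip 192.0.2.16 0.0.0.15 any
!
route-map APP-EXIT permit 10
 match ip address 110
 set ip next-hop 198.51.100.2
! Packets that match no route-map entry are not policy routed and
! follow the normal routing table of 2621-A.
!
interface FastEthernet0/0
 description LAN towards PIX outside interface
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map APP-EXIT
!
interface FastEthernet0/1
 description Crossover to 2621-B
 ip address 198.51.100.1 255.255.255.252
```

Return traffic arriving through 2621-B reaches the PIX directly, because in this assumed layout the translated pool sits on the LAN that 2621-B is also attached to.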
08-15-2003 04:02 AM
Hi,
You can put a router between the outside interface of the PIX and your LAN and use policy routing.
The second choice: if you are running PIX 6.3 software, you can use the route map command with OSPF.
Regards