cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
967
Views
0
Helpful
2
Replies

Using ACE RHI to inject a default route

stevek1
Level 1
Level 1

I think I posted this onto the wrong Forum. Anyone able to advise here?

SteveK.

Posted by: stevek1 - Network Administrator, Dept Natural Resources and Mines

Apr 18, 2008, 12:04am PST

Hi Folks,

I need to provide internal devices with active-active access to our clustered firewall which sits across 2 data centres.

I need to allow internal hosts to reach external/unknown networks via a default route.

We have ACE modules in our internal network aggregation 6513s at each site.

I aim to achieve this using RHI...ie...device at site 1 reaches the internet via firewall at site 1, device at site 2 reaches internet via firewall at site 2 (due to better route). If the firewall is inaccessible from site 2, ACE at site 2 removes the route from the MSFC using RHI and site 2 device traffic is re-routed to the site 1 exit point.

Has anyone out there done this before?

Regards, Steve.

| Outline | Subscribe | E-Mail this Message

--------------------------------------------------------------------------------

Replied by: stevek1 - Network Administrator, Dept Natural Resources and Mines - Apr 20, 2008, 6:48pm PST

Hi Folks,

It's Steve here again. I haven't had a response to my query as yet, but basically I need to know the validity of using ACE RHI to inject a default route as opposed to a host route.

Can anyone please advise?

Best Wishes, Steve.

2 Replies 2

zahkhan
Cisco Employee
Cisco Employee

Steve

ACE will inject a host route. But, I may know what you are up to. Please see the attached document. This may help.

Thanks so much for your response Zahoor.

The solution you have provided is more complicated than I had in mind. For example we had not intended using FWSM (we don't have these modules). I just want to use our existing ACEs at each Data Centre to provide the injection of a default route to our internal EIGRP process based on the result of a probe to our Checkpoint FW. What do you think?

Steve.

Review Cisco Networking for a $25 gift card