04-21-2008 07:46 PM
I think I posted this onto the wrong Forum. Anyone able to advise here?
SteveK.
Posted by: stevek1 - Network Administrator, Dept Natural Resources and Mines
Apr 18, 2008, 12:04am PST
Hi Folks,
I need to provide internal devices with active-active access to our clustered firewall which sits across 2 data centres.
I need to allow internal hosts to reach external/unknown networks via a default route.
We have ACE modules in our internal network aggregation 6513s at each site.
I aim to achieve this using RHI, i.e. a device at site 1 reaches the internet via the firewall at site 1, and a device at site 2 reaches the internet via the firewall at site 2 (due to better route). If the firewall is inaccessible from site 2, ACE at site 2 removes the route from the MSFC using RHI and site 2 device traffic is re-routed to the site 1 exit point.
Has anyone out there done this before?
Regards, Steve.
--------------------------------------------------------------------------------
Replied by: stevek1 - Network Administrator, Dept Natural Resources and Mines - Apr 20, 2008, 6:48pm PST
Hi Folks,
It's Steve here again. I haven't had a response to my query as yet, but basically I need to know the validity of using ACE RHI to inject a default route as opposed to a host route.
Can anyone please advise?
Best Wishes, Steve.
04-22-2008 03:42 AM
04-24-2008 07:22 AM
Thanks so much for your response Zahoor.
The solution you have provided is more complicated than I had in mind. For example we had not intended using FWSM (we don't have these modules). I just want to use our existing ACEs at each Data Centre to provide the injection of a default route to our internal EIGRP process based on the result of a probe to our Checkpoint FW. What do you think?
Steve.