Table of Contents
Advertisement
Chapter 10: IP Policy-Based Forwarding Configuration Guide
The following is the IP policy configuration for the Policy Router in
interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1
acl contractors permit ip 10.50.1.0/24 any any any 0
acl full-timers permit ip 10.50.2.0/24 any any any 0
ip-policy access permit acl contractors next-hop-list 11.1.1.1 action
policy-only
ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action
policy-first
ip-policy access apply interface mls0
Firewall Load Balancing
The next-hop gateway can be selected by the following information in the IP packet:
source IP, destination IP, or both the source and destination IP.
configuration.
Intranet
mls1
Figure 23. Selecting Next-Hop Gateway from IP Packet Information
One session should always go to a particular firewall for persistence.
180
Firewalls
1.1.1.1
1
1.1.1.2
2
Policy
Router 1
1.1.1.3
3
1.1.1.5
4
1.1.1.4
2.2.2.1
2.2.2.2
Policy
Router 2
2.2.2.3
2.2.2.5
2.2.2.4
Internet Appliance User Reference Manual
Figure
22:
Figure 23
illustrates this
Internet
mls2
Advertisement
Table of Contents
