RHI Guidelines; Enabling RHI - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 8
Configuring IP Routing and DHCP Services
Additionally, if you have HSRP configured between two MSFCs on other interfaces that receive traffic
destined for either of the two FWSMs, you must configure a routing protocol between the two MSFCs.
This ensures that each MSFC knows the routes that can be reached through the FWSM that is not in
the same chassis. Without an exchange of routing information between the two MSFCs, traffic can go
unanswered: the HSRP active MSFC may receive a packet destined for a network that is reached through
the FWSM in the other chassis. Because the HSRP active MSFC did not learn this route from the other
MSFC, it may drop the packet or incorrectly forward it to its default gateway.
The FWSM injects routes into the MSFC using SCP messages.

RHI Guidelines

- RHI is supported in both single and multiple context mode.
- RHI is supported in routed firewall mode; it is not supported in transparent mode.
- RHI is supported with failover (Active/Standby and Active/Active).
- The FWSM interface that you specify as the next hop interface must be an SVI between the FWSM and the MSFC. See the "Adding Switched Virtual Interfaces to the MSFC" section on page 2-4.

Enabling RHI

To configure RHI, perform the following steps:

Step 1
(Optional) If you want to limit the routes that you inject for each type (connected, static, and NAT), you can limit the routes you want to inject to those that match one of the following objects:
- route-map—See the "Defining a Route Map" section on page 8-5. Route maps are only available in single context mode.
- access-list standard—See the "Adding a Standard Access List" section on page 13-11.
- (NAT only) global—See the "Configuring Dynamic NAT or PAT" section on page 16-26.

Step 2
Enable RHI by entering the following command:
hostname(config)# route-inject
The CLI enters route-inject configuration mode. You can only configure one route-inject command.

Step 3
To inject NAT address routes, enter the following command:
hostname(config-route-inject)# redistribute nat [route-map map_name | access-list acl_id | global-pool pool_id] interface interface_name
where the interface interface_name argument specifies the FWSM interface; this interface IP address is used as the next-hop IP address in the routes that are injected.
By default, all mapped addresses that you define in static and global commands are injected.
If you want to limit the NAT addresses injected, you can specify the route-map, access-list, or global-pool argument; only matching addresses are injected. For the global-pool argument, make sure the global command NAT ID that you specify is on the same interface as the redistribute command. If you use the same NAT ID for multiple global commands on multiple interfaces, only those commands on the matching interface as the redistribute command are used.
You can enter only one redistribute nat command.

Configuring Route Health Injection
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
8-33
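
The RHI guidelines and the redistribute nat rules above can be checked mechanically against a saved configuration before it is applied. The Python sketch below is an added example, not part of the Cisco guide; the names audit_rhi and SAMPLE_CONFIG are hypothetical, the sample configuration is constructed, and it assumes pools appear as "global (interface) nat_id ..." lines and transparent mode as a "firewall transparent" line.

```python
import re

# Constructed sample configuration (not from the guide). NAT ID 1 is defined
# on "dmz", but the redistribute command names "outside".
SAMPLE_CONFIG = """\
firewall transparent
global (dmz) 1 209.165.201.10-209.165.201.20 netmask 255.255.255.224
global (outside) 2 209.165.200.225 netmask 255.255.255.224
route-inject
 redistribute nat global-pool 1 interface outside
 redistribute nat access-list RHI_NAT interface outside
"""

# Assumption: pools are written as "global (interface) nat_id ...".
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+)\b")
REDIST_RE = re.compile(
    r"^redistribute nat(?: (route-map|access-list|global-pool) (\S+))? interface (\S+)$")


def audit_rhi(config_text):
    """Return findings where the configuration breaks the RHI rules on this page."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    if "route-inject" not in lines:
        return findings  # RHI is not enabled, nothing to check
    # Assumption: transparent mode shows up as a "firewall transparent" line.
    if "firewall transparent" in lines:
        findings.append("RHI is not supported in transparent mode")
    if lines.count("route-inject") > 1:
        findings.append("more than one route-inject command")
    # Map each NAT ID to the interfaces that carry a global command for it.
    pools = {}
    for ln in lines:
        m = GLOBAL_RE.match(ln)
        if m:
            pools.setdefault(m.group(2), set()).add(m.group(1))
    redists = [m for m in map(REDIST_RE.match, lines) if m]
    if len(redists) > 1:
        findings.append("more than one redistribute nat command")
    for m in redists:
        kind, name, iface = m.groups()
        if kind == "global-pool" and iface not in pools.get(name, set()):
            findings.append(
                f"global-pool {name} has no global command on interface {iface}")
    return findings


if __name__ == "__main__":
    for finding in audit_rhi(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A pool mismatch is worth flagging because only global commands on the same interface as the redistribute command are used, so the mapped addresses defined on the other interface are not injected.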
