I have one HA pair that sits at the edge of the network running internet traffic outbound. I want to also run all other traffic through this pair as well, but don't want to use it for default gateways for networks. I have done this before, but in one scenario we had edge and core PAs, so it made it easier for routing. The other scenario was running vWire and not worrying about the routing at the PA level. So I am trying to understand if this is possible. I want MPLS traffic to come in on the MPLS router (also being the server gateways), and I want the router to have a default route to push ALL traffic to the firewall and come in on the external-untrust interface. Then, when the traffic gets "in" the firewall, I will have static routes or use a routing protocol so that if it needs to get to server resources it goes out the internal-trusted interface down to the servers, or if anything else is the destination it goes to the internet. For some reason I don't think what I want to do will work because of routing, or asymmetrical routing... I am not sure though. I just don't know how I would run vWire between a router and a switch to achieve this.