adsl as backup for internet connection thru PIX

rpalacio · ‎05-16-2005

my client has mpls connection to the internet connected on the OUTSIDE interface of the firewall. And they decided to have an ADSL to act as a backup for their internet connectivity.

Ive read that we can only have a single default route on the PIX. What could be the best solution to this issue.

Thanks a lot.

a.alekseev · ‎05-17-2005

You can ask mpls provider to run OSPF between PIX and PE.

Provider will advertise only defalt route to the PIX.

On the pix you must have got default static route to ADSL with administrative distance greater than 110.

rpalacio · ‎05-17-2005

thanks. but how will my firewall know that the link on the mpls is down taking into account that the mpls switch port connected to the outside of the pix is always up?

thanks again.

matt-long · ‎05-17-2005

The pix version 7 software supports up to 3 equal cost default routes. However, you best option would be a router that as your current connection and a ADL connection into it and use the "backup interface" command to control the fail over.

rpalacio · ‎05-17-2005

My MPLS connection is thru a 3550 switch and not a router.

Is the backup interface command to be executed on the switch or the firewall?

Thanks a lot.

matt-long · ‎05-18-2005

The backup interface command is used on a router, surely you are installing a router to use with the ADSL line?

rpalacio · ‎05-18-2005

but the way i understand backup interface is executed on the main connection. ADSL in our case is a secondary (backup) internet connection.

matt-long · ‎05-19-2005

yes, that is correct.

What I was trying get at, was that if you have a router for your ADSL you could speak to your ISP and arrange for the MPLS to be terminated on a router so that you could use adsl as a backup. In fact, you really shold get your ISP involved to ensure that your IP addreses etc are routed correctly when using the backup.

rpalacio · ‎05-20-2005

But in my case, the MPLS connectivity is a 3550 and the adsl is a separate router and i dont have access to the MPLS switch. Does this mean am handicuff this time?

thanks.

rpalacio · ‎05-22-2005

I couldnt find any mid range router that is supporting MPLS. Could you help me on this?

Thanks.

a.alekseev · ‎05-22-2005

2691 and higher

matt-long · ‎05-23-2005

If you use a dynamic routing protocol you can setup the network like this:

LAN --- Cisco --- 3550 --- MPLS

2621

\---ADSL

and use the dialer watch command, this allows you to watch routes and use the backup if the routes disappear. Take a look at:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800dc81c.html#wp1000889

Warning: this is my understanding, I haven't tried it in the real world......

rpalacio · ‎05-23-2005

nice suggestion..but is adsl considred as DDR?..this is one of the prerequisite in usng dialer watch that was shown on the above link.

tyagivijay · ‎05-17-2005

Hello Matt ,

Just want to know that is it possible to assign Dynamic IP on PIX outside Interface connected to the DSL Router??

Network Setup:--

----Internet----DSL Router----PIX(506E)----LAN

Note: - We don’t have any static IP .

Thanks

vijay

tyagivijay · ‎05-17-2005

Hello Matt ,

Just want to know that is it possible to assign Dynamic IP on PIX outside Interface connected to the DSL Router??

Network Setup:--

DSL Router----PIX(506E)----LAN

Note: - We don’t have any static IP .

Thanks

vijay

adsl as backup for internet connection thru PIX

IOS XR: /var/log/syslog が logrotate されず、backup ファイルが容量を圧迫する

如何解决 TCP data backup 慢的问题

ASA5500-X: Internet Firewall 設定例 (冗長構成)

Forward Error Connection 'FEC'

Cisco NGFW: do PIX ao Firewall Threat Defense