How to setup second PIX 515 for a second redundent Internet connection

agrayson · ‎12-18-2003

I have our HQ site in Hampton and a large subordinate site in Norfolk connected by 2 Full T-1s. We currently have only 1 internet connection in Hampton which is connected to the only PIX 515 firewall we have. I am adding a additional Internet connection in Norfolk and want to install a second PIX 515 firewall at the Norfolk site. The intent is Internet redundency and to free up bandwidth on the 2 T-1 that connect Hampton and Norfolk. We are using private IP space and NAT. The final goal is that if the Internet connection fails in Hampton then users will automatically be redirected to the good connection in Norfolk. Sorry this is long but it is a first for me to configure. Can anyone give me some best practice examples or point me to some how to....please Thanks

nkhawaja · ‎12-20-2003

Hi,

So this is your design

(Internet)--(Ry)-(PIX1)--(R1)------(R2)---(PIX2)--(Rx)--(Internet)

--------

Suppose R1, PIX1, Ry are on the HQ Side

R2, PIX2 and Rx are on Norfolk

I would recommend to use OSPF on all your internal networks and advertise default routes from your routers Ry and Rx. With some different admin distances etc. This way if one router (either Rx, or Ry) stops advertising a default route, because of a link failure, the other default route from the other router will kick in. Don have any sample configs on this, but it can atleast get you started.

Thanks

Nadeem

agrayson · ‎12-24-2003

Thanks.....looks very promising and I will get started testing

Thanks for taking the time to help