cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
579
Views
12
Helpful
7
Replies

Multiple ISPs with 1 PIX ????

nevenvision
Level 1
Level 1

Hello Everyone,

We have two PIX 515 in a failover configuration at a data center and everything works great!

I would like to purchase an additional PIX 515 UR for Our office LAN. But before I do I need to know if it is possible to configure the PIX to do the following. We have both a T1 and high speed DSL connection at our office. I would like the PIX to be able to choose which one to use based upon wether they are up or not.

ie, if the T1 goes down or gets very slow I would like the PIX to then route traffic out the DSL interface and until the T1 is back to optimal. Is this a possibility with a PIX 515 with the max 6 interfaces? Or do i need to get a different device?

7 Replies 7

bigchoice75
Level 1
Level 1

The pix does not have this ability. Your best bet is to put a router in front of each isp then run hsrp on the internal side of routers and point the pix default route toward the hsrp address.

YES and NO, you can setup another default route with a higher metric but the PIX will never detect that one ISP links is down if the router is still physicly up or the ISP has problems.

To link multiple ISP automaticly without manual config change you need a Link Loadbalancer.

examples:

- F5 LinkController

- Radware

- Elfiq LinkController - Alize

http://www.victrix.ca/elfiq/elfiq_alize_flyer_v1_14_en.pdf

http://www.victrix.ca/elfiq/elfiq_alize_product_guide_1_0_en.pdf

sincerely

Patrick

mgaysek
Level 1
Level 1

You can achieve your goal by putting a router in front ofthe pix using wieghted static routes. I am not sure if this is possible in 7.x on a pix.

How do you want to detect that the link went down after 3 or 4 Hops ?

BGP on both ISP would be also a possibility, but good luck to get that setup from your ISP.

sincerely

Patrick

there is a feature named saa/rtr avaliable on router, which enable tracking along the path from local router to the remote router.

unfortunately, pix has no such feature. i guess a router will need to be deployed.

A related question..Does PIX or FWSM allow multiple static default routes? If so, can it do per-destination load balancing?

Thanks.

i do think pix does auto load balancing.

however, the pix will not be able to determine whether the next hop internet link is avaliable or not.

e.g. a dsl router will be deployed in front of the pix. such as www <--> dsl router <--> pix.

since the dsl router and the pix are directly connected, so pix outside interface will always stay up regardless the dsl internet link availability. in other words, pix will keep forwarding packet to both next hops regardless the internet link availability. you can't really rely on pix to handle the routing.

an alternative is to setup the routing on one of the routers. e.g. pix has the t1 router as the default gateway, then it's up to t1 router to re-route packet to the dsl router as ios has feature to determine the internet link availability (e.g. saa, rtr).

Review Cisco Networking for a $25 gift card