Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
4
Replies

PIX 515 and 2 Internet links

tech
Level 1
Level 1

‎05-13-2004 08:08 AM - edited ‎02-20-2020 11:23 PM

I have 2 Internet connections via 2 different routers and 2 different ISPs. One is significantly faster than the other. I would like to setup the faster link to be the primary Internet connection and then autmotically failover to the slower link when the primary is down.

I have a PIX 515. Can I protect both links with the same PIX or do I need another PIX? Do I need to run BGP also?

I suppose that BGP would be helpful in that even though one link is faster than the other, the slower link could have a better least cost route to certain sites. The only problem I see with that is if I need to download large (100 MB+) files. I would always want to use the fast link in that case.

Any suggestions and/or links will be appreciated.

Thanks,

RJ

0 Helpful
4 Replies 4

thiland
Level 3
Level 3

‎05-14-2004 01:46 PM

For your first (and less complicated idea), your best bet is using a single PIX, and connecting your edge routers to a common switch. Then run HSRP between them for failover protection. The problem with this scenario is your slower link goes un-utilized until there is a failure of the primary link.

The other option is BGP as you stated, assuming your routers can handle BGP prefix tables from your ISP. The best you'll be able to do with BGP is load-sharing since you have 2 separate routers.

Refer to this document:

http://www.cisco.com/en/US/customer/tech/tk365/tk80/technologies_configuration_example09186a00800945bf.shtml

Perhaps you could implement a route-map on your "main" router connected to the fast link stating that select traffic would be routed to the "secondary" router.

Say, route your best-effort/unimportant traffic to the secondary gateway.

-Tanner

0 Helpful

tech
Level 1
Level 1
In response to thiland

‎05-14-2004 06:19 PM

Thanks for the reply.

How can I run HSRP if both of the ethernet interfaces are in different subnets? Use secondary addressing?

Thanks,

RJ

0 Helpful

thiland
Level 3
Level 3
In response to tech

‎05-17-2004 08:30 AM

I'm starting to get a little confused as to your logical setup. You said you wanted to use a single PIX firewall, and I was assuming the two routers would be connected to the same subnet.

I was talking about a scenario where you could run HSRP between the 2 routers for GW redundancy (PIX would point to HSRP address), and BGP between the 2 routers for load-sharing.

............................................./-->Router1-->ISP1-Fast

InsideNet-->PIX-->Switch-|

.............................................\-->Router2-->ISP2-Slow

Do you have a scenario like this?

................................./--e1-->Router1-->ISP1-Fast

InsideNet--e0-->PIX

.................................\--e2-->Router2-->ISP2-Slow

The purpose of HSRP is primarily gateway rendudancy, which won't help you since your gateway is the PIX.

0 Helpful

tech
Level 1
Level 1
In response to thiland

‎05-27-2004 11:35 AM

I have 2 /30 subnets for my serial interfaces for both routers from different ISPs. I also have 2 LAN blocks that are differnet on the Fa0/0 interfaces of both routers. These are for my Internet servers for WWW, DNS, etc.

Thanks,

RJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card