Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
3
Replies

Basic Redundant Internet connections

M-Square
Level 1
Level 1

‎11-21-2003 02:28 PM - edited ‎03-02-2019 11:54 AM

I have a PIX515E as a head office Firewall with one inside interface and one outside (ISP A). I would

like to have another ISP connection to provide redundancy, no load-balancing etc..

Since the PIX does not support two default gateways ( A larger metric on the command does not work when attemting a floating route, hence the second default route gets ignored, I tried it on the DMZ interface) I would like to place a three interface router infront of the PIX ( ie a 1720, 2600 ) and bring the two ISP's into this box and have the third interface connect to the outside interface of the PIX515. Can I do this on the IOS router easily? It is easy to conect the two ISP's and have two default routes ( the second with a larger metric ) but how do I configure the third interface with a Public address? which ISP routable address do I use? is there a method for such?

-------ISP A

LAN---PIX---2600|

-------ISP B

I would prefer to not use BGP if possible usless.... there is a way to do such without having to coordinate with the ISP's.

Thanks for any assistance you can offer.

Regards

Merlin

Labels:
0 Helpful
3 Replies 3

fmeetz
Level 4
Level 4

‎12-01-2003 08:12 AM

Without BGP I do not think this is possible.

0 Helpful

ruwhite
Level 7
Level 7

‎12-01-2003 07:18 PM

If you own the outside and inside routers, you don't need the cooperation of the ISP to use BGP between them--just set up iBGP sessions using a private as number, and pass the default through the pix as needed. That should work for what you want, if I understand your problem correctly.

:-)

Russ.W

0 Helpful

s-almeida
Level 1
Level 1
In response to ruwhite

‎12-01-2003 08:25 PM

I don't think you require bgp at all.

The way out of this problem is to use the ip address of ISP A for outside interface of Pix and use natting of public ip on interface connected to ISP B.

Reason to use natting is : If the ISP A connectivity fails than the public ip used on outside int of PIX won't work hence you require to nat the public ip of ISP A when using ISP B for internet.

For Eg;

int e1

desc "conected to Outside Int of Pix"

ip x.x.x.5 255.255.255.252

ip nat inside

int s0

desc "ISP-A"

ip x.x.x.1 255.255.255.252

int s1

desc "ISP-B"

ip y.y.y.1 255.255.255.252

ip nat outside

ip nat inside source static x.x.x.5 y.y.y.1

ip route 0.0.0.0 0.0.0.0 x.x.x.1

ip route 0.0.0.0 0.0.0.0 y.y.y.1 100

0 Helpful
Customers Also Viewed These Support Documents