
Challenge you, can you think of a better way? Examples...

ajd
Level 1

You are the network engineer of a small company. You have the following:

2621 4x(Ethernet)

PIX 515 4x(Ethernet)

Provider1 (ISP) 64.X.X.X /24 (384/384 SDSL)

Provider2 (ISP) 216.X.X.X /24 (1Mb/1Mb SDSL)

LAN 192.168.1.0 /24

Mail Server 192.168.1.5 /24

WWW Server 192.168.1.6 /24

You would like the Mail Server static mapped to Provider1 (64.X.X.100).

You would like the WWW Server static mapped to Provider2 (216.X.X.100).

You would like all your outbound LAN traffic to go out the Provider2 (216.X.X.X) link.

You would like some outbound redundancy.

You would like the PIX to protect all traffic to the LAN and WWW/Mail Servers.

Please post examples on how you would do this. I keep coming up with overcomplicated scenarios.

I'll post what a CCIE said to do, not sure if possible.

Thanks,

AJ


ajd
Level 1

CCIE suggested:

+---------< Inside LAN(192.168.1.0)
|
+-(Inside 192.168.1.1)
< PIX >
+-(Outside 172.16.10.2)
|
|
+--(f0/0 172.16.10.1)
< 2600 >
+--(e0/0 64.X.X.50) to Provider1 gateway 64.X.X.1
|
+--(e0/1 216.X.X.50) to Provider2 gateway 216.X.X.1

On the 2600:

static nat 216.X.X.100 to 172.16.10.5 (WWW)

static nat 64.X.X.100 to 172.16.10.6 (Mail)

On the PIX:

static 192.168.1.5 to 172.16.10.6 (Mail)

static 192.168.1.6 to 172.16.10.5 (WWW)

with static routes on the 2600:

ip route 172.16.10.5 goto pix outside(172.16.10.2)

ip route 172.16.10.6 goto pix outside(172.16.10.2)

So basically both are performing NAT. He said to create Policy Based Routing Maps for outbound redundancy (I see no way for inbound service redundancy).

Let me know if anyone thinks this is possible.

Thanks,

AJ
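
The double static mapping described in this reply, written out as device configuration. This is an added example, not part of the original post: the /24 mask on the 172.16.10.0 transit network, the PIX 6.x command syntax, the ACL name and the SMTP/HTTP ports are assumptions, and it covers only the inbound static mappings.

```cisco
! ===== 2600 (IOS): outer NAT, public address -> transit address =====
interface FastEthernet0/0
 description To PIX outside
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/0
 description Provider1
 ip address 64.X.X.50 255.255.255.0
 ip nat outside
!
interface Ethernet0/1
 description Provider2
 ip address 216.X.X.50 255.255.255.0
 ip nat outside
!
! One-to-one translations from the post (WWW on Provider2, Mail on Provider1)
ip nat inside source static 172.16.10.5 216.X.X.100
ip nat inside source static 172.16.10.6 64.X.X.100
!
! Host routes from the post, pointing at the PIX outside interface
ip route 172.16.10.5 255.255.255.255 172.16.10.2
ip route 172.16.10.6 255.255.255.255 172.16.10.2

: ===== PIX 515 (6.x syntax): inner NAT, transit address -> server =====
ip address outside 172.16.10.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
: static (real_if,mapped_if) mapped_ip real_ip
static (inside,outside) 172.16.10.6 192.168.1.5 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.10.5 192.168.1.6 netmask 255.255.255.255 0 0
: Permit only the published services inbound (ports are assumptions);
: everything else arriving on the outside interface is denied by default
access-list outside_in permit tcp any host 172.16.10.6 eq smtp
access-list outside_in permit tcp any host 172.16.10.5 eq www
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.16.10.1 1
```

Because the 2600 translates the destination before the packet reaches the PIX, the PIX access list and its logs show the 172.16.10.x addresses rather than the public ones. IOS routes a packet before applying inside-to-outside NAT, so replies from 172.16.10.6 follow the router's normal routing unless policy routing steers them toward 64.X.X.1.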