First of all thank you;

my question is; i get different registered IP addresses from diff. ISP

i use static nat in my PIX (to nat DMZ servers).

what if one ISP fail? how route to my dmz server will be handled? the second ISP don't now any thing about my first ISP IPs

is this config provide a load balance + redundancy :

-------------ip subnet-zero

!

interface fastEthernet0/0

ip address 100.100.100.1 255.255.255.0

ip address 200.200.200.1 255.255.255.0 secondary

!

interface Serial0

description ISP1

ip address 100.100.101.1 255.255.255.252

interface Serial1

description ISP2

ip address 200.200.201.1 255.255.255.252

ip route 0.0.0.0 0.0.0.0 Serial0

ip route 0.0.0.0 0.0.0.0 Serial1

--------------

For the configuration, it can provide load-sharing + redundancy in principle. However, where there is two IP in FE 0/0 ? What is the purpose ?

In response to your earlier question. In normal case, one ISP will not advertise other ISPs registered IP. ISP will only advertise the registered IPs which is belonging to themselves and owned by the customer.

If you are using a PIX (Firewall), the NAT will be carried by the PIX and the PIX will have two interfaces to connect to two ISP. When one of the ISP link down, the PIX should not forward the traffic to that ISP and only use the active ISP link, but you can use the same internal address.

If there is public server for external access, you can use DNS to redirect the traffic to the correct registered IP. I believe your client and user will not use the registered IP to access the server and will use domain name only.

Hope this helps.

hi;

- FE 0/0 has two IPs represent the two ISP subnets.

- the PIX do a nat to some servers, either to ISP1 or ISP2

my questions is :

if ISP1 fail; then all natted IPs related to its range will forewarded to ISP2; do ISP2 has a route for ISP1 IPs??? sure no?

for client servers i can use the DNS

but what if configured natted IPs to access the internet LIKE proxy or do a natted for subnet to access other outside servers?

then if their IPs ISP fail; no route will be associated with them?

this is part of my pix

----------------- PIX --------------------

static (dmz,outside) 100.100.100.22 10.10.10.22 netmask 255.255.255.255

static (dmz,outside) 100.100.100.23 10.10.10.23 netmask 255.255.255.255

static (dmz,outside) 200.200.200.42 10.10.10.42 netmask 255.255.255.255

static (dmz,outside) 200.200.200.43 10.10.10.43 netmask 255.255.255.255

if ISP1 fail (100.100.100.0); then it will be forwarded using ISP2(200.200.200.0)

how ISP2 will know its route ????

Thanks

Do you mean both ISP provides two setup of IP to you ? One for serial and one for LAN ?

As I mentioned before, in normal case, one ISP will not advertise other ISP subnet. You have to check w/ the ISP for their policy. In techical, there is no problem to advertise the route from other ISP.

If the client is using domain name to access your server and the IP of the domain will be changed automatically (by some DNS service provider) then it is fine. Because if the active ISP link down, they should not advertise your NATted server address then the DNS service provider (or you to change your DNS server) should change the IP of the domain name to other ISP address.

For the ISP route, it depends on how they advertise the router to the Internet, if the ISP will advertise the summary route, then it will properly to include your server route, no matter the link to your office is up or down, they will still advertise the summary route to the Internet. If it is the case, you need to change the DNS entry to make the client to access your server via new IP address.

If your client's ISP connection fail, it is their responibility to look for backup solution.

According to the PIX configuration, you have two sets of NAT for two sets of server. Once the ISP assigned the IP subnet to you, they will adertise it to the Internet automatically. So, the ISP2 subnet will be advertised by ISP2 automatically and forward the traffic to you if the destination is your server's public IP address.

Hope this helps.

Yes; each ISP give me diff IP ranges for serial and LAN.

my question is related to redundancy:

* if ISP1 fail all traffic will be handeled by ISP2 .. Right

* if ISP2 fail all traffic will be handeled by ISP1 .. Right

for example my proxy use ISP1 IP and ISP1 fail

then it will use ISP2.

how ISP2 knows how to route this IP address to my network? ISP2 know nothing regarding ISP1,

all what ISP2 knows is to route its IPs which is related to my network??

the proxy natted in the PIX

Thanks

Thanks. I understood your concern, ISP will only advertise and route the traffic within their network. They cannot be a transit for other ISP. So, if ISP1 down, the ISP2 will not route the ISP1 traffic. Therefore, if your NAT is configured for ISP1 only, it will not be able to communicate to Internet; if the NAT is already configured w/ ISP2 address then select to use which ISP that is depends on the PIX and routing design.

e.g. if your server use ISP2 address for NAT, the client access the server at ISP2 address, the traffic will flow to ISP2 then forward to you.If your server is using ISP1 address for NAT, it is the same way that it will use ISP1 for communication. If ISP1 link down, the user has to use ISP2 address to access the server only, so I asked to use DNS to tell the client which IP is the correct / active IP for their access.

Once again, in normal case, one ISP will not advertise other ISPs subnets, so the client will never access the server with reachable address.

Hope this helps.

Thanks a lot jack;

OK for outside clients i will use the DNS.

But what about the natted servers in my network whos need to access internet for services like proxy or DNS.

both will be services from inside clients not outside.

both have ISP1 natted IPs; what if ISP1 fail?

then they will directed to ISP2 ..right?

but they still have ISP1 natted

ooh .. how their traffic will be directed to my network using ISP2??

can i for example have two natted (ISP1,ISP2) for the same server.. No

how can i have redundant natted IP to the two ISP?

can i tell each ISP to route another ISP addresses?

Thanks

Thanks a lot Jack;

I appriciate your support.

I will try to let the ISP to adv. each other IPs which assigned to my co.

Thanks again

You're welcome. You may consider to get your public IP then if you change the ISP in future, you still can use your IP address assignement w/o require to get new from the ISP again. ;)

please i have final question:

[PIX]-[Internet Router]< ISP1 , ISP1

the above is my Scenario:

PIX do a natting:

- some servers natted using ISP1 (proxy1)

- some servers natted using ISP2 (proxy2)

ISP1 just route to me the subnet of real IPs which is given to me

ISP2 just route to me the subnet of real IPs which is given to me

ASSUME ISP1 fail;

then how can the natted servers (which use ISP1) still access the outside, ISP2 will not handle them since they are from diff. ISP with diff subnet ???

should i re-natt them?

Regards

IMO, yes, you need to re-NAT the ISP1 hosts. If you re-NAT the ISP1 connected hosts to ISP2, you also need to re-advertise the DNS w/ the ISP2 address. It was because the customer is using domain name to resolve the IP address, and you have to tell them which address is correct. This is the reason why I ask you to get public IP, if you have public IP, you don't have this problem and both ISPs will advertise the address for you and build resiliency automatically.