2 ISP's and PIX 515e - Please help

Unanswered Question
Apr 2nd, 2007
User Badges:

We purchased a T3 to be our main Internet connection, we have a T1 now. I want to make the T3 the primary and the T1 our backup Internet connection. However we have a lot of static statements on the PIX, so I want to have a backup static route for each statement, can the the PIX do this? Also the PIX has a lot for access-list can a make a secondary access-list for each on the PIX? Please let me know if anybody has any suggestions on how to design this.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David White Mon, 04/02/2007 - 05:29
User Badges:
  • Cisco Employee,

For the "static statements" I was unclear if you meant "static nat statements" or "static route statements". Also, you didn't mention what version you were running.


Version 7.x adds some new features which may help you here. There is "route tracking" in which you can track your primary route (via ICMPs) and if it goes down, a secondary route is installed. (This can be pointed out a different interface). However, if you are NATing your traffic, having different redundant interfaces adds additional problems as xlates are not cleared out when routing changes.


Most customers instead put both ISP connections out the same interface of the PIX. Typically, these ISP connections are on routers, and then you just need to run OSPF on the two routers as well as on the PIX. You can then inject a default route via OSPF to the PIX. If the default route has the same weight, then the PIX will load-balance the traffic. Otherwise, you can set the default route from the T3 router to have a lower weight and for it to be preferred. The router would then stop advertising the default route if anything happens to it or the circuit.


Also, since both gateways are off the same interface of the PIX, you don't have to worry about NAT issues or ACLs. (The exception to this is if you are allocated and IP range from each ISP seperately.... then you have to place the two routers off different interfaces as discussed first.)


Hope it helps,


David.

peter.williams@... Mon, 04/02/2007 - 05:45
User Badges:

I am running Version 7.0(4)on the PIX. I also have a 4 port Ethernet module in the back of both PIX's. I do have each ISP on different routers. I have each router plugged into one on the Ethernet ports in the back of the PIX's. It sounds like I should configure the routers for OSPF and the default route, do you have some more information on how I should go about configuring the routers for the OSPF?

Actions

This Discussion