04-09-2007 10:00 AM - edited 03-11-2019 02:57 AM
Hi,
Our network is going to be redesigned. We have about 50 employees with remote agents using 501.
Our new design will be something like:
INTERNET -- ROUTER -- PIX -- L3 SWITCH -- LAN
My main problem is that there is another router connected to the L3 SWITCH (2651XM). I need to determine when the internet router is down so my data is sent through the 2651XM automatically (using something like HSRP or GLBP if possible). I thought about using a routing protocol but I am not aware that a Pix runs EIGRP (which is what we are currently running) but OSPF.
Here are my questions:
1. Would changing the routing protocol be worth the headache and get the work done?
2. Would you recommend another Pix, ASA or just keeping the one I have?
I would like to know whether changing my existing Pix will benefit my company.
Thanks a lot in advance.
04-09-2007 10:41 AM
Have you considered "Reliable Static Routing Backup Using Object Tracking"?
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
You can't run this on your 501, but you could on an ASA, referred to as Dual ISP. Unless you have at least a 3750 you can't run it on your L3 switch either.
04-09-2007 10:54 AM
04-09-2007 11:14 AM
It could work if you ran object tracking on the 2651 and moved it in between the Pix and the 3550. Your default route in the 2651 would be the inside of Pix as long as an icmp track was up to the upstream neighbor of your 1760. When that track failed, the default route would move to your Dallas connection. If I understood you correctly, I think that's what you want, correct me if I'm wrong. This may not be the best solution, but probably the cheapest.
04-09-2007 11:06 AM
I'd think about investing in a couple of switches - one live and one as a hot standby. Then you can have your internet go into the switch - then use both your routers connected into the switch using HSRP (now VRRP), and then back into your switch and one cable out into your ASA. I would then think about purchasing a second ASA box and have them in an Active-Active config (same as your routers) - and then into your L3 switch. Now the switch at your external facing edge is the single point of failure (but you have a hot standby) - and both your router and your ASA (being the most complicated and critical components) have redundancy. Of course your L3 switch is also a single point of failure which you may also want to look at but is entirely up to the budget :P
My 2 cents worth at any rate :)
Cheers,
Peter
04-09-2007 11:40 AM
Hi,
Thanks for your feedback.
Mightymouse, your solution sounds really good but expensive, although I am open to buying another type of Pix or ASA if needed.
Acomiskey, I understand what you are saying, but the reason why this router is not in between the Pix and the Internet router is because it will handle my PRI and any routing to Dallas; therefore, I just wanted it dedicated to that since it will handle (in the future) a point-to-point connection.
Now, I know that if I run OSPF on the Pix I would probably be able to get the job done. What is your feedback on that?