03-21-2003 02:42 PM - edited 03-02-2019 06:03 AM
Hello,
I can't figure this out on my own. PLEASE HELP. Thank you.
This is what I have now: ISP(1)->2611->PIX->LAN, RIP protocol.
Here is a sample config of the 2611:
interface FastEthernet0/0
 ! ISP(1)
 ip address 1.1.1.65 255.255.255.224
 ip broadcast-address 1.1.1.95
interface Serial0/0
 ip address 1.1.1.118 255.255.255.252
interface Serial0/2
 ip address 2.2.2.110 255.255.255.252
router rip
 redistribute connected
 passive-interface FastEthernet0/0
 distance 255
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.117
ip route 0.0.0.0 0.0.0.0 2.2.2.109
The PIX515 config is simple: it takes the broadcasted IPs and redistributes them or maps them to static IPs inside the LAN.
Here is the question: how can I add a second ISP, ISP(1)+ISP(2)->2611->PIX->LAN, so I can have load sharing and use a block of IPs from ISP(2) on my PIX?
I know I can have in interface fastethernet0/0 ip address 2.2.2.65 255.255.255.224 secondary, but can I have ip broadcast-address 2.2.2.95?
Can the PIX have a secondary IP? The PIX only has one outside interface.
If possible, NO BGP.
Thank you
03-21-2003 04:56 PM
You have a number of choices available to you, see the multihoming white paper on my web site for an overview. Whether or not you need to use BGP will depend upon what applications you are supporting and what your performance requirements are. If you are not using BGP, you have two challenges which you need to resolve: how to let ISP 1 know how to get traffic to you sent from your ISP 2 address (ditto for ISP2) and how to discover that the link to ISP1 is down so you (and ISP 1, don't forget traffic must go both ways to work) know to use the route via ISP 2 (and, of course, ditto for the link to ISP 2).
You also MUST add some protection to your router if you want to keep it under your control. In particular, turning off telnet, SNMP, and other vulnerable services, blocking illicit traffic from the Internet, etc. You would probably find Chapter 8 of my book interesting reading as well, although it may be too advanced. But it does include working examples of router security, BGP multihoming, and multihoming without BGP.
Good luck and have fun!
Vincent C Jones
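The protection items named in the reply above (telnet, SNMP, filtering traffic arriving from the Internet) can be checked mechanically against a saved router configuration. The script below is an added example, not part of the original post or the poster's book; the vty, SNMP and access-group lines in the sample are constructed, and the choice of Serial0/0 and Serial0/2 as the Internet-facing links is an assumption based on the default routes in the question.

```python
import re

# Constructed sample: the 2611 interfaces from the question, plus hypothetical
# vty/SNMP/ACL lines (not on the page) so every check has something to find.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 1.1.1.65 255.255.255.224
interface Serial0/0
 ip address 1.1.1.118 255.255.255.252
interface Serial0/2
 ip address 2.2.2.110 255.255.255.252
 ip access-group 101 in
snmp-server community public RO
line vty 0 4
 password example
 login
"""

def stanzas(config):
    """Group an IOS config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment/separator lines
        if raw[0].isspace() and current is not None:
            out[current].append(raw.strip())
        else:
            current = raw.strip()
            out.setdefault(current, [])
    return out

def audit(config, internet_ifaces):
    """Return findings for telnet, SNMP and unfiltered Internet-facing links."""
    findings = []
    for head, body in stanzas(config).items():
        if head.startswith("interface ") and head.split()[1] in internet_ifaces:
            if not any(re.match(r"ip access-group \S+ in$", c) for c in body):
                findings.append(f"{head}: no inbound ACL")
        elif head.startswith("line vty"):
            transports = [c.split()[2:] for c in body if c.startswith("transport input")]
            # Assumption: with no 'transport input', IOS of this era accepts telnet.
            if not transports or any(t in ("telnet", "all") for t in transports[-1]):
                findings.append(f"{head}: telnet permitted")
        elif head.startswith("snmp-server community"):
            findings.append("snmp-server community configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"Serial0/0", "Serial0/2"}):
        print(finding)
```

An empty result means only that these three checks passed; it says nothing about the contents of the ACLs themselves.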
03-23-2003 08:34 PM
Just some notes:
1. PIX does not support secondary addressing.
2. You can use secondary IPs on the 2611 and I believe there's no issue with the broadcast address of the secondary IP.
3. You can just add the NAT and global, or static entries on the PIX for the addresses from ISP2.
So the remaining issue is load-sharing, which was answered in the previous post.
Also, for your servers that support secondary addressing, you have the option of adding the secondary address on the server and then creating a static translation on the PIX.
HTH.