
Multiple ISPs with 1 PIX ????

Unanswered Question
Oct 18th, 2005

Hello Everyone,


We have two PIX 515 in a failover configuration at a data center and everything works great!


I would like to purchase an additional PIX 515 UR for our office LAN. But before I do, I need to know if it is possible to configure the PIX to do the following. We have both a T1 and a high-speed DSL connection at our office. I would like the PIX to be able to choose which one to use based upon whether they are up or not.

I.e., if the T1 goes down or gets very slow, I would like the PIX to then route traffic out the DSL interface until the T1 is back to optimal. Is this a possibility with a PIX 515 with the max 6 interfaces? Or do I need to get a different device?

bigchoice75 Tue, 10/18/2005 - 11:59

The PIX does not have this ability. Your best bet is to put a router in front of each ISP, then run HSRP on the internal side of the routers and point the PIX default route toward the HSRP address.

Patrick Iseli Tue, 10/18/2005 - 12:23

YES and NO, you can set up another default route with a higher metric, but the PIX will never detect that one ISP link is down if the router is still physically up or the ISP has problems.


To link multiple ISPs automatically without a manual config change, you need a link load balancer.


examples:

- F5 LinkController

- Radware

- Elfiq LinkController - Alize

http://www.victrix.ca/elfiq/elfiq_alize_flyer_v1_14_en.pdf

http://www.victrix.ca/elfiq/elfiq_alize_product_guide_1_0_en.pdf


sincerely

Patrick


mgaysek Wed, 10/19/2005 - 03:51

You can achieve your goal by putting a router in front of the PIX using weighted static routes. I am not sure if this is possible in 7.x on a PIX.

Patrick Iseli Wed, 10/19/2005 - 04:12

How do you want to detect that the link went down after 3 or 4 hops?


BGP with both ISPs would also be a possibility, but good luck getting that set up by your ISP.


sincerely

Patrick

jackko Wed, 10/19/2005 - 05:53

There is a feature named SAA/RTR available on routers, which enables tracking along the path from the local router to the remote router.


Unfortunately, the PIX has no such feature. I guess a router will need to be deployed.

yvasanthk Sat, 10/22/2005 - 09:31

A related question: does PIX or FWSM allow multiple static default routes? If so, can it do per-destination load balancing?


Thanks.

jackko Sat, 10/22/2005 - 17:57

I do think the PIX does auto load balancing.


However, the PIX will not be able to determine whether the next-hop internet link is available or not.


E.g. a DSL router will be deployed in front of the PIX, such as www <--> DSL router <--> PIX.

Since the DSL router and the PIX are directly connected, the PIX outside interface will always stay up regardless of the DSL internet link availability. In other words, the PIX will keep forwarding packets to both next hops regardless of the internet link availability. You can't really rely on the PIX to handle the routing.


An alternative is to set up the routing on one of the routers, e.g. the PIX has the T1 router as the default gateway, then it's up to the T1 router to re-route packets to the DSL router, as IOS has features to determine the internet link availability (e.g. SAA, RTR).
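
The router-side tracking suggested in the post above, sketched as an added example that is not part of the original thread: the T1 router probes a host beyond the provider's first hop and withdraws its default route when the probe fails, so traffic from the PIX falls over to the DSL router. All addresses are placeholder documentation ranges, and the syntax is the `rtr` form the thread refers to (later IOS releases rename it `ip sla`).

```cisco
! T1 router. The PIX points its default route at this router's LAN address.
! Assumed placeholders: 203.0.113.1  = T1 provider next hop
!                       198.51.100.1 = probe target beyond the provider edge
!                       192.168.1.2  = DSL router on the shared LAN segment
!
! Send an ICMP echo to the probe target every 5 seconds.
rtr 1
 type echo protocol ipIcmpEcho 198.51.100.1
 frequency 5
rtr schedule 1 life forever start-time now
!
! Tracked object 1 is up only while the probe gets replies.
track 1 rtr 1 reachability
!
! Pin the probe target to the T1 path. Without this host route the probe
! would follow the backup default over DSL once the primary is withdrawn,
! succeed there, and cause the primary route to flap.
ip route 198.51.100.1 255.255.255.255 203.0.113.1
!
! Primary default route, installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
! Floating default route via the DSL router. Its higher administrative
! distance keeps it out of the table until the primary is removed.
ip route 0.0.0.0 0.0.0.0 192.168.1.2 250
```

This detects failures several hops away, which the interface state on the PIX cannot, because the probe result rather than the local link state decides whether the primary route stays installed.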
