From a core Layer 3 switch I have got two routes to the Internet via two different service providers who provide their own routers (which I have no access to).
I have two routes as if I were to have a single line, I would pretty much saturate the firewall CPU between the router and core switch.
The scenario as it stands is, every time router02 fails (exclusively used for web traffic), I have to quickly telnet to the core switch and reroute the default route to firewall01 which is for router01.
I have to do this remotely and have to wait for my IT contact at the office to reboot router02 before I can reroute traffic back to firewall02.
Now the question is, how can I automate this procedure? What protocols are there to automate this?
Basically I want to automate the change of default route's next hop address when the current next hop is down. (Routing to firewall PIX)
I know this may seem easy enough but because I'm working with PIX firewall devices as my next hop I'm not too familiar with possible methods.
Please have a look at the attached picture to give a better understanding of the problem.
With the information you provided, I would suggest having a routing protocol between the Internet router and the firewall, to receive the default route and advertise it to the core switch.
In case either the router or the WAN link goes down, the router should stop announcing the default route to the firewall, and the firewall will in turn stop advertising it to the core switch.
In your core switch you need to define a static default route with a higher admin distance than that of your routing protocol designed between the firewall and core switch, so that your IGP's route takes precedence in normal conditions, and when the default route advertised by the IGP goes away, the static route will come into effect.
You now need to check the compatibility of the firewall installed out there with the routing protocols which you can run to achieve this.
You also need to make sure that you get a default route from the internet router which can be advertised to your firewall.
Also, have you thought about the redundancy for the traffic flow for the services through the other firewall/router?
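The floating static route described in the answer above, sketched as a core-switch configuration fragment. This is an added example, not configuration posted by anyone in the thread. It assumes OSPF as the IGP and that firewall02 advertises a default route only while its upstream path is healthy; every address, the process ID and the area are constructed placeholders.

```cisco
! Core Layer 3 switch (Cisco IOS syntax). Constructed values:
!   10.0.1.1 = firewall01 inside interface (backup path)
!   10.0.2.1 = firewall02 inside interface (web path)
!
ip routing
!
! IGP adjacency towards firewall02. A default route learned here is
! installed with OSPF's administrative distance of 110.
router ospf 1
 network 10.0.2.0 0.0.0.255 area 0
!
! Floating static default via firewall01. Distance 250 is higher than
! 110, so this route stays out of the routing table for as long as the
! OSPF-learned default exists, and is installed when it is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.0.1.1 250
!
! Check which default is active (exec mode):
!   show ip route 0.0.0.0
!     normal operation: learned via OSPF, next hop 10.0.2.1
!     after withdrawal: static, distance 250, next hop 10.0.1.1
```

When the OSPF default reappears, it replaces the static route again without manual intervention, because the lower administrative distance always wins.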
I was thinking I would have to run another routing protocol to advertise. The only problem is I'm not really supposed to access the Internet router. So I need to find a way to do this without touching the Internet routers.