Cisco Support Community

New Member

Network Traffic Division

We are going to install a secondary DSL line to supplement our current connection and I have been given the task of checking to see if there is a way to divide our internet bound network traffic between the two DSL routers.

Currently we have all of our traffic coming through a 2950 Catalyst switch through the PIX 501 firewall, which is connected to one port on the switch, and finally ending up at a port on the DSL router.

I would like to know whether there is perhaps an access rule on the firewall or a configuration on the switch etc. that I can use to achieve this. I cannot see anything obvious.

Any ideas would be very welcome.

12 REPLIES
Bronze

Re: Network Traffic Division

Hi James,

You can use policy-based routing with route maps. Here you change the next hop to either dsl1 or dsl2 based on the access list.

Please read the following link...

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html

Rate if it helps..

BR

*aijaz*

New Member

Re: Network Traffic Division

Cisco ASAs have the ability to monitor routes and support a secondary route, but only in version 7.x code and higher (which won't load to a 501). You can, however, get that with an ASA 5505 for not much $.

One of the issues you face is that, with most routing systems, whether the route is up or not is determined by whether the interface is up or not. So, if the DSL link dies but the Ethernet connection between the PIX and the 501 is still up, the PIX doesn't know the link is failed because the Ethernet port is still up. In the ASA series, you set a 'heartbeat' that is monitored on the link to validate connectivity beyond the immediate Ethernet switch port (kind of a poor man's BGP4, if you would).

And using a 501 makes it even tougher, because it only has one uplink port and you'd have to connect the 501 to the switch and then to the two DSL links. In that arrangement, the DSL modem could be removed entirely and the 501 wouldn't know it because the switch would still support the Outside interface as UP.

Super Bronze

Re: Network Traffic Division

Assuming the PIX has a default route out the existing DSL port, it might be as simple, if supported, as just adding another default route out the second DSL port.

[edit]

Just saw the other recent post. If the PIX doesn't have a second port, the other solution might be to place a router between the PIX and the DSL links to split the outbound traffic.

New Member

Re: Network Traffic Division

Thanks guys for all the replies and info.

If I was to use a router to split the traffic, would you have any recommendations for a simple router to do the job? Also, if I were to use policy based routing, can this be done via the GUI on the firewall?

Super Bronze

Re: Network Traffic Division

Regarding a simple router, what kind of links are you using and their bandwidths? Any expected growth?

New Member

Re: Network Traffic Division

Link speed from behind the router will be 100mb and on the other side DSL 1mbit.

Growth is very likely.

Super Bronze

Re: Network Traffic Division

Assuming we need one Ethernet connection to the PIX and two more Ethernet, one to each DSL router, the 1841 with an Ethernet 4 port HWIC or 1 port FastEthernet high speed WIC, will likely do what you need now and will support growth.

See figure #3 in:

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd80581fe6_ps5853_Products_Data_Sheet.html
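
An added example, not part of any reply in this thread: one way the route-map approach suggested above could look on an IOS router placed between the PIX and the two DSL routers, with the policy next hop tracked so that a dead DSL line is noticed even while the Ethernet port stays up. All addresses, interface names and object numbers are constructed, both DSL routers are assumed to do their own NAT, and the IP SLA and track keywords shown are the newer IOS form (older releases use different keywords).

```cisco
! Constructed layout (assumptions, not from the thread):
!   FastEthernet0/0  link to the PIX outside interface
!   DSL router 1     10.0.1.1, reached through a second routed interface
!   DSL router 2     10.0.2.1, reached through a third routed interface
!
! Probe a host beyond each DSL router, not the DSL router itself, so a
! failed DSL line is detected. 192.0.2.1 and 198.51.100.1 are placeholder
! probe targets; the host routes pin each probe to one DSL path.
ip route 192.0.2.1 255.255.255.255 10.0.1.1
ip route 198.51.100.1 255.255.255.255 10.0.2.1
!
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Normal routing for everything that is not policy-routed:
! DSL 2 while its probe succeeds, otherwise the floating static via DSL 1.
ip route 0.0.0.0 0.0.0.0 10.0.2.1 track 2
ip route 0.0.0.0 0.0.0.0 10.0.1.1 250
!
! Traffic class to steer. Matching on destination port still works if the
! PIX translates every inside host to a single outside address.
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443
!
! Web traffic goes to DSL 1 only while track 1 is up; if it is down the
! packet falls through to the normal routing table above.
route-map SPLIT-DSL permit 10
 match ip address 101
 set ip next-hop verify-availability 10.0.1.1 10 track 1
!
! Apply the policy to packets arriving from the PIX.
interface FastEthernet0/0
 ip policy route-map SPLIT-DSL
```

The PIX keeps a single default route toward this router, so its rule base does not change; `show route-map` and `show track` on the router show whether packets are matching and which path is currently considered up.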

New Member

Re: Network Traffic Division

Am I right in thinking that the 1841 can also act as a hardware firewall, and if so would it offer the same level of protection as our current 501, so that we could remove the 501 altogether and just use the router for PBR and as a firewall?

Super Bronze

Re: Network Traffic Division

If the 1841 has the firewall feature set within its IOS, it can act as a firewall. I'm not familiar enough with either to say whether they have exact feature parity or how fast a 1841 is compared to a PIX as a firewall. That noted, I suspect you probably could use just the 1841.

New Member

Re: Network Traffic Division

I have located this card based on your recommendation of a 4 port fast ethernet HWIC. Is this the correct card?

http://www.pcwb.com/catalogue/item/CISWIC4E

Super Bronze

Re: Network Traffic Division

Believe it is.

New Member

Re: Network Traffic Division

OK that's great thanks for all your help
