If anybody out there could help me set up the following scenario, that would really be appreciated. Here it is:
Main site: PIX >> Internet router >> ISP 1 and ISP 2
Remotes: PIX >> Internet router >> ISP 1 and ISP 2
Configs: IPsec between the PIXes
The idea is to get GRE tunnels and to get redundancy if one of the ISP lines ever comes down. There is also an inside router that we could use to build the tunnels, or I was wondering whether it makes more sense to build the tunnel interfaces on the outside routers, and how that would work.
Insufficient information to tell you how to do it, but enough to tell you it can be done (just not which way :-)
Assuming you are running BGP with your ISPs and have global addresses at both ends, the easiest way is to do a single IPsec tunnel from PIX to PIX and let BGP figure out which path to take through the internet. Note, however, that it can take a minute or two for BGP to do its thing for some modes of failure.
If you are not running multihomed with BGP, your best bet is to set up an IPsec tunnel for each ISP (distinguished by the IP addresses at each end) and run a routing protocol across those. This can be done router to router or PIX to PIX, but keep in mind that the PIX does not do fancy routing.
There are two examples of routing over IPsec explained in a white paper on my web site, which you should find interesting reading even if you choose to take a different approach. GRE tunnels work fine, but can reduce your path MTU, which may or may not be a concern for your application.
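An added example (not from the thread or from either participant) of the second design the reply describes: two router-to-router GRE tunnels, one per ISP path, with a routing protocol across them so the inside routers fail over by themselves when one path dies. Everything here is assumed for illustration: the addresses, the choice of EIGRP, and the premise that the IPsec between the PIXes already encrypts GRE (IP protocol 47) between the inside routers' tunnel endpoints, with one IPsec peer pair per ISP path. The PIX crypto and NAT-exemption configuration is not shown.

```cisco
! Main-site inside router (all addresses hypothetical).
! Tunnel0 rides the IPsec SA that leaves via ISP 1, Tunnel1 the one via ISP 2.
! Each tunnel uses its own loopback pair so the PIX crypto ACLs can match each
! GRE flow (e.g. "permit gre host 10.255.1.1 host 10.255.1.2") to its own peer.
interface Loopback0
 description GRE endpoint, ISP 1 path
 ip address 10.255.1.1 255.255.255.255
!
interface Loopback1
 description GRE endpoint, ISP 2 path
 ip address 10.255.2.1 255.255.255.255
!
interface Tunnel0
 description GRE to remote via ISP 1 (inside IPsec), primary
 ip address 172.16.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 10.255.1.2
!
interface Tunnel1
 description GRE to remote via ISP 2 (inside IPsec), backup
 ip address 172.16.0.5 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 delay 20000
 tunnel source Loopback1
 tunnel destination 10.255.2.2
!
! Tunnel endpoints are reached through the PIX inside interface (hypothetical
! 192.168.10.254). Keep these static: never learn the far loopbacks through the
! tunnels themselves, or the tunnel recurses and flaps.
ip route 10.255.1.2 255.255.255.255 192.168.10.254
ip route 10.255.2.2 255.255.255.255 192.168.10.254
!
! Only the LAN and the tunnel links go into EIGRP; the loopbacks stay out.
router eigrp 100
 network 172.16.0.0 0.0.0.255
 network 192.168.10.0 0.0.0.255
 no auto-summary
!
!
! Remote-site inside router: mirror image.
interface Loopback0
 ip address 10.255.1.2 255.255.255.255
!
interface Loopback1
 ip address 10.255.2.2 255.255.255.255
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 10.255.1.1
!
interface Tunnel1
 ip address 172.16.0.6 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 delay 20000
 tunnel source Loopback1
 tunnel destination 10.255.2.1
!
ip route 10.255.1.1 255.255.255.255 192.168.20.254
ip route 10.255.2.1 255.255.255.255 192.168.20.254
!
router eigrp 100
 network 172.16.0.0 0.0.0.255
 network 192.168.20.0 0.0.0.255
 no auto-summary
```

The higher `delay` on Tunnel1 makes EIGRP prefer the ISP 1 path while both are up; GRE `keepalive 10 3` takes the tunnel line-protocol down about 30 seconds after the far end stops answering, which is what triggers reconvergence onto Tunnel1 without waiting on anything from the ISPs. The `ip mtu 1400` and `ip tcp adjust-mss 1360` lines address the reduced path MTU the reply warns about: GRE plus IPsec overhead on a 1500-byte link would otherwise force fragmentation or black-hole traffic when PMTU discovery is blocked.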
I'm not using BGP at all, and I'm getting public IPs from both ISPs. Also, I'm only using one firewall, which is connected to the router that has the two connections to the Internet, and I also have an inside router which could be used to build the tunnels.