Basic Redundant Internet connections

I have a PIX515E as a head office firewall with one inside interface and one outside (ISP A). I would like to have another ISP connection to provide redundancy, no load-balancing etc.

Since the PIX does not support two default gateways (a larger metric on the command does not work when attempting a floating route, hence the second default route gets ignored; I tried it on the DMZ interface), I would like to place a three-interface router in front of the PIX (i.e. a 1720, 2600) and bring the two ISPs into this box and have the third interface connect to the outside interface of the PIX515. Can I do this on the IOS router easily? It is easy to connect the two ISPs and have two default routes (the second with a larger metric), but how do I configure the third interface with a public address? Which ISP routable address do I use? Is there a method for such?

-------ISP A


-------ISP B

I would prefer to not use BGP if possible unless.... there is a way to do such without having to coordinate with the ISPs.

Thanks for any assistance you can offer.




Re: Basic Redundant Internet connections

Without BGP I do not think this is possible.


Re: Basic Redundant Internet connections

If you own the outside and inside routers, you don't need the cooperation of the ISP to use BGP between them--just set up iBGP sessions using a private AS number, and pass the default through the PIX as needed. That should work for what you want, if I understand your problem correctly.




Re: Basic Redundant Internet connections

I don't think you require BGP at all.

The way out of this problem is to use the IP address of ISP A for the outside interface of the PIX and use NATting of the public IP on the interface connected to ISP B.

The reason to use NATting is: if the ISP A connectivity fails, then the public IP used on the outside int of the PIX won't work, hence you need to NAT the public IP of ISP A when using ISP B for Internet.

For example:

int e1
 desc "connected to Outside Int of Pix"
 ip x.x.x.5
 ip nat inside

int s0
 desc "ISP-A"
 ip x.x.x.1

int s1
 desc "ISP-B"
 ip y.y.y.1
 ip nat outside

ip nat inside source static x.x.x.5 y.y.y.1

ip route x.x.x.1
ip route y.y.y.1 100
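
The failover behaviour this reply describes, modelled in Python as an added example that is not part of the original post: which default route is installed and which source address leaves the router in each link state. The addresses are constructed from documentation ranges in place of x.x.x.5 and y.y.y.1, and the model assumes a static route is withdrawn only when its exit interface goes down.

```python
# Added illustration, not the poster's code. Addresses are constructed
# (RFC 5737 documentation ranges) and stand in for x.x.x.5 and y.y.y.1.
from dataclasses import dataclass

PIX_OUTSIDE = "192.0.2.5"      # assumption: PIX outside address from ISP A space
ISP_B_GLOBAL = "203.0.113.1"   # assumption: address from ISP B space

@dataclass(frozen=True)
class StaticRoute:
    exit_if: str
    distance: int              # administrative distance; lower wins

# Mirrors the two default routes in the post: primary via ISP A (s0),
# floating route via ISP B (s1) with distance 100.
DEFAULT_ROUTES = [StaticRoute("s0", 1), StaticRoute("s1", 100)]
NAT_INSIDE = {"e1"}            # interfaces marked "ip nat inside"
NAT_OUTSIDE = {"s1"}           # interfaces marked "ip nat outside"
STATIC_NAT = {PIX_OUTSIDE: ISP_B_GLOBAL}

def installed_default(if_up):
    """Return the default route placed in the routing table, or None.
    A static route is a candidate only while its exit interface is up."""
    usable = [r for r in DEFAULT_ROUTES if if_up.get(r.exit_if, False)]
    return min(usable, key=lambda r: r.distance) if usable else None

def forward(src, in_if, if_up):
    """Return (exit interface, source address on the wire) for an outbound packet."""
    route = installed_default(if_up)
    if route is None:
        return None, None
    # Translation applies only when crossing from a NAT inside interface
    # to a NAT outside interface, so traffic leaving via s0 is untouched.
    if in_if in NAT_INSIDE and route.exit_if in NAT_OUTSIDE:
        src = STATIC_NAT.get(src, src)
    return route.exit_if, src

def scenarios():
    up, down = True, False
    return {
        "both links up": forward(PIX_OUTSIDE, "e1", {"s0": up, "s1": up}),
        "s0 down": forward(PIX_OUTSIDE, "e1", {"s0": down, "s1": up}),
        # Link to ISP A is up but ISP A is dead further upstream: the interface
        # state is unchanged, so the floating route never takes over.
        "s0 up, ISP A dead upstream": forward(PIX_OUTSIDE, "e1", {"s0": up, "s1": up}),
        "both links down": forward(PIX_OUTSIDE, "e1", {"s0": down, "s1": down}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} -> {result}")
```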