Cisco Support Community
Community Member

Internet Failover

We have a small network with a PIX 506E connected to a partial T1 to provide internet connectivity. We addes a DSL circuit as a backup to the T1. To save $ we purchased a second 506E to secure the DSL circuit rather then purchase a 515E with additional interfaces to accomodate the DSL circuit. All clients receive the LAN interface of the PIX connected to the T1 as their primary gateway and the LAN interface of the other PIX connected to the DSL as a secondary gateway. If we simulate a fail of the either PIX by disconnecting the LAN interface trafic routes over the other circuit to the internet. We would like to confugure the PIX's to provide failover for the internet circuits. We tried to add the LAN interface of PIX B as a secondary default gateway (with a higher metric number) on PIX A and the LAN interface on PIX A as a secondary default gateway on PIX B, without success. Any ideas on how to correctly configure this would be very appreciated.

PIX Details:

PIX A connected to partial T1

LAN Interface

WAN 66.238.x.x

Gateway 66.238.x.x

PIX B Connected to DSL Modem

LAN Interface

WAN 64.170.x.x


Community Member

Re: Internet Failover

I am not sure if the second PIX is going to help you in any way to achieve the WAN backup. What you should have done is to enable RIP between your o/s if of PIX and your Service providers to provide redundancy. This may not be an absolutely viable solution, but just sharing my thoughts

Community Member

Re: Internet Failover

I might suggest removing Pix B and placing both The fractional T1 and the DSL connections on an external router. Let PIX A secure both connections and handle failover within the external router. Place an access list on your external router as your first line of defense toward security.

CreatePlease to create content