
LAN----PIX-------Router(s)------2ISPs

seshu
Level 1

Here my LAN (having servers also) is connected to the PIX Firewall inside. The PIX Firewall outside is connected to the Gateway Router. The Gateway Router is connected to ISP1. Everything is working fine. Here we have got another connection, ISP2. We want to load balance between the ISPs for outgoing and incoming traffic. We also want to have redundancy at the ISP level (I mean, if one ISP fails, the total incoming and outgoing traffic should go through the other ISP). Please tell me how to do this. What is the protocol I need to use? Please keep in mind that I have free routers with sufficient Ethernet and serial interfaces. Please provide me with a design which can do load balancing and redundancy at the ISP level.

Regards

Seshu


Hello

Where do you do the NAT translations, or don't you do them?

Presently I am doing NAT (private IP to Global Pool1 provided by ISP1) at the PIX. The PIX is connected to the Router and the Router is connected to ISP1.

Now I want to connect ISP2 also for load balancing as well as redundancy at the ISP level. ISP2 has provided me with Global Pool2 IP addresses.

I am not clear where to do NAT. I am waiting for your suggestion regarding this: where to do NAT and how to achieve the above requirements.

Regards

Seshu

Hi,

The ultimate solution is to get your own set of Provider Independent (PI) IP addresses with your own public Autonomous System number. Then run BGP between your front-end router and the 2 service providers.

If this is not possible, try to get an agreement with your 2 service providers where one of them would be willing to advertise (through BGP) the network/subnet that you have received from the other provider. This also involves running BGP (maybe with a private AS number) on your front-end router.

If this is still not possible, then you'd have to perform NAT on the router itself when using the secondary link. This would be more of a backup solution than a load balancing one, and you would still have an unsolved issue with your servers being accessible from the 'back-up' link (maybe you can do duplicate DNS registration using different names).

Hope this helps.

Ciao :-)
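
An added example, not part of the original reply: a minimal Cisco IOS sketch of the second option above (BGP from a private AS to both providers, announcing the pool received from ISP1). All addresses, AS numbers and prefix-list names are constructed placeholders; the filters are an assumption about how such a setup is normally kept from leaking routes between the two ISPs.

```cisco
! Constructed example: every address and AS number below is a placeholder.
!   192.0.2.0/24     global pool received from ISP1 (what the PIX NATs to)
!   198.51.100.1     ISP1 BGP peer, AS 64496 (placeholder)
!   203.0.113.1      ISP2 BGP peer, AS 64497 (placeholder)
!   64512            private AS used by the front-end router
!
! Announce only our own pool, so the site never becomes a transit path
! between the two providers.
ip prefix-list OUR-POOL seq 5 permit 192.0.2.0/24
!
! Accept only a default route from each provider.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Floating static: keeps the pool in the routing table so the BGP network
! statement can originate it. The connected or static route toward the PIX
! is preferred whenever it is present.
ip route 192.0.2.0 255.255.255.0 Null0 250
!
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description ISP1
 neighbor 198.51.100.1 prefix-list OUR-POOL out
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 description ISP2
 neighbor 203.0.113.1 prefix-list OUR-POOL out
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 no auto-summary
```

With this layout the PIX keeps a single default gateway (the front-end router) and a single NAT pool, and the router moves traffic to the surviving provider when one BGP session drops.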

Hi,

Your second suggestion sounds good. That is:

"try to get an agreement with your 2 service providers where one of them would be willing to advertise (through BGP) the network/subnet that you have received from the other provider. This also involves running BGP (maybe with a private AS number) on your front-end router."

Can you please elaborate on how to achieve load balancing in this scenario?

Is it possible to use both the Global Pool addresses (Pool1-----ISP1 and Pool2-----ISP2) simultaneously?

If so, please let me know how to configure the PIX for the same.

Expecting your early reply.

You can reach me at: seshuv@idrbt.ac.in

Regards

Seshu

kjanakiraman
Level 1

If you want to achieve both inbound and outbound redundancy you could go for BGP. But using BGP you cannot achieve perfect load balancing; rather, the router will decide which is the shortest route to the destination. Apart from that, the PIX firewall can take only one default gateway. So if you have two ISPs and you want to use both your service providers' IP addresses for your web servers, like X.X.X.X for one and Y.Y.Y.Y for another, it is not possible (i.e. you could effectively use only one ISP's IP addresses for your network for NATing in the firewall). You can achieve it by NATing on the Cisco router, and it is a big process. If you need info about how to go about it I will mail you in detail. Hope this will be of help to you.

Hi kjanakiraman,

Thank you very much for your response.

I will be grateful to you if you can send me mail in detail.

Awaiting your e-mail.

You can reach me at seshuv@idrbt.ac.in

Regards

Seshu
