Here my LAN (having servers also) is connected to PIX Firewall Inside. PIX Firewall outside is connectd to Gateway Router. Gateway Router is connected to ISP1. Everything is working fine. Here we have got another ISP2 connection. We want to do load balance between ISPs for outgoing and incomming traffic. Also we want to have redundancy at ISP level (I mean if one ISP fails total traffic incomming and outgoing should gothrough another ISP) Please tell how to do the same? What is the protocol I need to use? Please keep the point that I have free routers with sufficient ethernet and serial interfaces. Provide me the design which can do loadbalance and redundancy at ISP level.
the ultimate solution is to get your own set of Provider Independant (PI) IP addresses with with your own public Autonomous System number. Then run BGP between your front-end router and the 2 service provider.
If this is not possible, try to get an agreement with your 2 service providers where one of them would be willing to advertise (thru BGP) the network/subnet that you have received from the other provider. this also involves running BGP (may be with a private AS number) on your front-end router.
If this is still not possible then you'd have to perform NAT on the router itself when using the secondary link. This would more more a backup solution than a load balancing one, and you would still have an unsolved issue with your servers being accessible from the 'back-up' link. (may be you can do duplicate DNS registration using different names)
"try to get an agreement with your 2 service providers where one of them would be willing to advertise (thru BGP) the network/subnet that you have received from the other provider. this also involves running BGP (may be with a private AS number) on your front-end router."
Can you please elobarate how to achieve load balance in this scenario.
Is it possible to use both the Global Pool addresses (Pool1-----ISP1 and Pool2-----ISP2) simultaniously.
If so please let me know how to configure PIX for the same.
If you want to achive both inbound and outbound Redudancy you could go for BGP. But using BGP you cannot achieve perfect Load Balacning but the router will decide which is the shortest route to the destination. Apart from that the Pix firewall can take only one Default Gateway. So if you have two isps and if you want to use both your service providers ip address for your webservers like X.X.X.X for one and Y.Y.Y.Y for another it is not possible(i.e) you could effectively use one ISP ip address for your network for nating in the firewall. You can achive by NATing the Cisco Router and it is a big process. If you need info about how to go i will mail you in detail. Hope this will be of help to you.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...