Hi all. Not sure if this belongs here or in the WAN section (it's a little of both), but here goes:
We currently have two corporate offices connected via point-to-point T1, terminating at 3640 routers. In our main office, we have a T1 to the Internet, connected through a PIX 515-R. We recently added a DSL line in the other office from a different carrier, also protected by a PIX 515-R. My question is this: how can we achieve redundancy? If one Internet link goes down, how can we dynamically reroute traffic down the inter-office T1 and out the other Internet link? Do we need to run BGP or is there a simple route map we can set up? Will running RIP between the PIXes accomplish this same thing? Any help or suggestions would be greatly appreciated.
Lots of questions here.... Are you using the same address space with both service providers (both service providers are advertising the address space you're using)? If so, how are you splitting the pool of addresses on the PIX?
Generally, as long as you are dynamically injecting a default from the pix back towards your network, and the default "goes away" when your connection to the ISP fails, the traffic should flow over the alternate link. You will most likely lose current sessions, and such, but you will come back up when you re-establish the session. Now, the real issue is getting the default to "go away" when the link to the ISP fails at one end. I assume there is a router, then an ethernet, then the pix, correct? If so, then either running BGP through the pix:
Just to get the default down from the edge router through the pix, can be useful. Another option is to set up a static default on the edge router, and redistribute this into rip. Then run rip on the pix, and allow the default route through. Finally, run rip on the inside router, and redistribute the default route into your normal routing protocol.
So, there are a couple of options here; if you need help with a specific option, let us know.
Another consideration is whether you are just talking outbound traffic (and responses), or whether you have email and web servers that people from outside need access to. The first case is fairly easy; the second is much more difficult.
Thanks for the suggestion. The redistribution of RIP seems to be working well. I was hoping for something a little more elegant; seems this shouldn't be so convoluted. I know the PIX finally supports OSPF... when oh when can I get EIGRP :)
The problem is that we've not been able to make much of a business case for EIGRP through a PIX. We have been working on EIGRP _through_ a PIX, and that should be coming at some point; just running EIGRP on the PIX is a little harder to get the PIX folks to do.