Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple Internet connections

We cuurently have two connections to the internet one in Los Angeles and one in Huntsville, Al. Each internal router goes through a pix fw than to the prospective ISP routers. I would like to set up the internal routers to act as a failover to each other. that way if LA goes down routes will go to Huntsville and the same in reverse. I thought about using static routes at each router i.e

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2

1111 to the internet and 2222 being the route to the other site. Would this work? Suggestions?

3 REPLIES
Bronze

Re: Multiple Internet connections

Hi

This way you would load balance between the two isp connections.

You have to setup a higher administrative distance for the "backup" route.

Like:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2 200

This way the first goes right away into the routing table and the second will kick in when the network of 1.1.1.1 is not there anymore.

Hope that helps

Roger

New Member

Re: Multiple Internet connections

Thanks. I will give it a try

Silver

Re: Multiple Internet connections

Hate to burst your bubble, but unless 1.1.1.1 is on the other end of point-to-point link terminating on this router, this approach will not work. In particular, if 1.1.1.1 is the Ethernet IP of the PIX leading to the ISP router, unless the Ethernet LAN fails, your router will always think that 1.1.1.1 is reachable and will continue sending packets to the PIX even though the PIX no longer has a working route to the Internet.

What you want to do is use BGP between the outside routers and your inside routers so that your inside routers can detect when a path to the Internet has failed. This can be done with minimal impact on security, but it does take some care. If you're not sure how to do it, you may get some ideas from the Redundant Firewalls white paper on my web site (or Chapter 9 of my book).

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

114
Views
0
Helpful
3
Replies