Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Routers to Internet

I have a Cisco 3620 connected to an Internet frame circuit. Behind the router I have a Checkpoint/Nokia firewall. Behind the firewall I have a 1721 router with a default route to the Checkpoint inside interface. When the Internet circuit goes down, I want the traffic destined for the Internet to go over to a completely different router on the same subnet as the inside ethernet of the 1721. How can I get the 3620 to send out routing info that the interface is down. I can get the info to pass thru the firewall to the 1721 and possibly distributed through EIGRP? How can I override the static route on the inside 1721 to be the other router?Any suggestions?

2 REPLIES
Gold

Re: Routers to Internet

If the firewall runs some sort of routing (probably rip?), then you could set up a default static to the serial interface on the outside 3640, and redistribute this into rip. The firewall could pick this up, and send it, through rip, to the inside router, which could then redistribute it into eigrp. If this link fails, then the entire chain would break, leaving you with just the "other" default route.

Another option is to run bgp between the 3640 and the inside router, punching a hole through the firewall for bgp. The static default would be redistributed into bgp, which would then be redistributed into eigrp at the inside router. This would also notify you when the link fails, leaving you with the "other" default route.

Russ

Community Member

Re: Routers to Internet

As an option, you could position your other router on the same subnet as your inside interface on the 3620 and run HSRP. Your 3620 will be the active router and your other router will be the standby router. If your active router's link (serial or ethernet) goes down, the standby will become the active router within seconds and transparent to your users, but you will need to setup tracking the serial interface on your 3620. This is all part of the configuraton for HSRP.

This way, you are not bypassing your firewall.

97
Views
0
Helpful
2
Replies
CreatePlease to create content