Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2583
Views
8
Helpful
9
Replies

Backup default route

ph0enix
Level 1
Level 1

‎10-29-2006 07:48 AM - edited ‎03-09-2019 04:42 PM

I have a client with two internet connections protected with two separate PIXs. One is the main connection (cable) used by everyone in the office. The second line is (DSL) has a static IP and is being used by only a few servers on the network. Occasionally the main cable (main) line goes down. When that happens, I'd like the main PIX (10.0.0.1) to redirect everyone in the office to the other PIX (10.0.0.2). I don't suppose that adding a second default gateway to the DHCP scope's configuration is a good idea. What's the most efficient way to accomplish this?

Thanks!

Labels:
0 Helpful
9 Replies 9

Fernando_Meza
Level 7
Level 7

‎10-29-2006 08:38 PM

Hi .. you could try adding a second default route with a higher metric on your primary PIX which points to the second PIX.

route 0.0.0.0 0.0.0.0 10.0.0.2 5

I hope it helps .. please rate if it it does !!!

0 Helpful

m-haddad
Level 5
Level 5
In response to Fernando_Meza

‎10-30-2006 08:08 AM

This can't be done on the PIX. PIX does not allow traffic to go in and then outside the same interface. Moreover, PIX can't trigger if you 1st ISP is down because you have a cable connection which means ethernet that does not go down.

My advise is to have an internal router which has a default route to primary PIX and another floating route to the other PIX. The issue is how to trigger that first ISP goes down. The well know ways are:

1- Dyanmic routing with the ISP (Eigrp or OSPF)

2- IP SLA or route tracking. However PIX ver 7.2.0 support this feature.

Please let me know if I could help and rate please,

Remark: adding a second default route on your DHCP for client machine won't help unless your first PIX inside interface goes down.

Regards,

ph0enix
Level 1
Level 1
In response to m-haddad

‎10-30-2006 09:34 AM

Thanks for the response. The Ethernet does go down actually. The outside interface on the PIX is plugged in directly into the cable modem so when the cable goes out, the link on the PIX goes shuts down. The problem is that the cable modem doesn't come back to live when the line does and it's needs to be reset manually.

Unfortunately, adding adding a router is not in the budget at this time.

0 Helpful

cpembleton
Level 4
Level 4
In response to ph0enix

‎10-30-2006 10:08 AM

Actually, version 7.2(1) allows interface tracking to allow for a floating default route.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

If you have a pix 515 or higher you can run 7.x code. A ram upgrade me be needed.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_upgrade_guides09186a0080369ee2.html#wp1790859

ph0enix
Level 1
Level 1
In response to cpembleton

‎10-30-2006 12:11 PM

Thanks! ...I'm trying to configure this but the "route backup" command isn't recognized. I'm running PIX 7.2(1) on a 515E. Any ideas?

0 Helpful

ph0enix
Level 1
Level 1
In response to cpembleton

‎10-30-2006 12:14 PM

Perhaps this is due to the fact that the default route is dynamically assigned by the DHCP server[?]

0 Helpful

ph0enix
Level 1
Level 1
In response to cpembleton

‎10-30-2006 12:32 PM

Never mind. That won't work for me since I don't have a spare NIC on the PIX that can be used as the backup route. Thanks anyway!

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to Fernando_Meza

‎10-30-2006 10:15 AM

Note: This will just work if the primary gateway for the internet is physicly down otherwise he will never see that the primary link has a problem.

Forget about my message have not seen the post before...

:-(

sincerely

Patrick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents