I have a client with two internet connections protected with two separate PIXs. One is the main connection (cable) used by everyone in the office. The second line (DSL) has a static IP and is being used by only a few servers on the network. Occasionally the main cable (main) line goes down. When that happens, I'd like the main PIX (10.0.0.1) to redirect everyone in the office to the other PIX (10.0.0.2). I don't suppose that adding a second default gateway to the DHCP scope's configuration is a good idea. What's the most efficient way to accomplish this?
Hi .. you could try adding a second default route with a higher metric on your primary PIX which points to the second PIX.
I hope it helps .. please rate if it does !!!
This can't be done on the PIX. PIX does not allow traffic to go in and then outside the same interface. Moreover, PIX can't trigger if your 1st ISP is down because you have a cable connection, which means Ethernet that does not go down.
My advice is to have an internal router which has a default route to primary PIX and another floating route to the other PIX. The issue is how to trigger that first ISP goes down. The well-known ways are:
1- Dynamic routing with the ISP (EIGRP or OSPF)
2- IP SLA or route tracking. However PIX ver 7.2.0 supports this feature.
Please let me know if I could help and rate please,
Remark: adding a second default route on your DHCP for client machines won't help unless your first PIX inside interface goes down.
Thanks for the response. The Ethernet does go down actually. The outside interface on the PIX is plugged in directly into the cable modem so when the cable goes out, the link on the PIX shuts down. The problem is that the cable modem doesn't come back to life when the line does and it needs to be reset manually.
Unfortunately, adding a router is not in the budget at this time.
Actually, version 7.2(1) allows interface tracking to allow for a floating default route.
If you have a PIX 515 or higher you can run 7.x code. A RAM upgrade may be needed.
Note: This will just work if the primary gateway for the internet is physically down, otherwise he will never see that the primary link has a problem.
Forget about my message, have not seen the post before...