Re: Can I use ethernet dmz port on the pix as a failover to a ca

jpoulos · ‎05-30-2002

I want to set a failover for my network using the pix. I have a T1 coming into a router and then into my pix 515. Can I add a ethernet card to my pix and make it the DMZ and connect it to a cable modem. Then can I weight a default route statement to it so that if the main T1 goes down, it will failover to the cable modem????? Let me know, or if there is a better way to do this.

Jpoulos

cjacinto · ‎05-30-2002

Unfortunately the PIX won't do this. You need to have a router infront of the PIX, then do the floating static on that one.

jpoulos · ‎05-31-2002

Do you mean that the PIX won't do a weighted static. My problem is that PIX does the NAT, and since the cable modem and the T1 have different address pools if the T1 fails the cable modem won't be usable because the firewall will be handing out the wrong IP addresses. Once they get to the external router, it is too late. Any ideas???? Thanks in Advance.

Jpoulos

rsnider · ‎06-03-2002

In order to have the ability to do this you will need an router on the cable modem connecting through a hub/switch to share the PIX outside interface with the T1 router. You would have to do the NAT in both routers. Set the PIX Gateway to the T1 router and let it control the routing. Failover with this senerio will be marginal because routing to the internet is static. Physical failure of the T1 is the only thing that will cause automatic failover. You can force the routing manually. This connection would work for outbound traffic only. If you require a true failover, consult with your ISP or a Cisco Sales Support Engineer.

Can I use ethernet dmz port on the pix as a failover to a cable modem???