11-27-2001 06:34 AM - edited 02-20-2020 09:55 PM
We have Internet feeds from two isp's. Routers running BGP and two Pix 525s configured with statefull failover. I would like to use both the links for load balancing and not use hsrp. All the notes I have read point to placing a router in front of the firewall and behind the two Innternet routers. This obviously creates a single point of failure which we would like to avoid. To summarise, how do I get the firewall to use both links?
Thanks
11-29-2001 11:03 AM
Configure HSRP on the two Internet routers. Connect a crossover between the 2 routers and Run IBGP between them. This has worked great for several of my customers.
12-03-2001 01:44 AM
thanks for your reply. Could you please elaborate a bit more. Eack of my routers have single ethernet ports that connect to the lan segment with the firewall. Do I need another ethernet port? If I run HSRP will it not use the primary router for all outbound traffic? How does your soluation load balance?
12-03-2001 06:38 AM
I worked on this exact issue about 6 months ago. My memory is quickly fading, but I do know that you will not be able to get the PIXs to load balance unless you use a device like the CSS11000 in front of and behind the PIXs. Essentially, you have will be able to design redundancy, but not load-balancing.
We put one router with multiple ethernet interfaces between the PIXs and our 2 ISP routers. We performed policy routing based on the source address of our lan segment hosts. We had a class C, so we policy routed even IP address out of ISP router A and odd IP addresses out of ISP router B.
I was just as unimpressed that there were no specific examples of this type of configuration anywhere on CCO.
12-03-2001 11:48 AM
You can use a load balancing switch/router to load balance the PIX firewalls and your border routers. I am running an identical environment using BIG IP 5000's from F5. You may not need application load balancing of that nature or price ($$$) Cisco Arrowpoint switches, Foundry, and Alteon all make these switches/routers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide