Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet Access Redundancy

Hello,

I am using a pix501 firewall as my internet gateway and vpn server to serve internal corporate staff and remote users. The pix501 is currently connected to a cable modem to get outside. I intend to implement another redundant high-speed connection to my existing solution as a backup. But, I do not want to reconfigure the pix from ground up when i switch between the 2.

Is it as simple as changing the external ip address on the pix and do a write mem and i am done!?

Please post your suggestions!

Thank you.

travis.

5 REPLIES
New Member

Re: Internet Access Redundancy

Adding a second link to the PIX should be easy and straight forward. All you wil need is to configure your IP address on the interface, or just configure it to get a dynamic address from your service provider.

Now, to have these two links backup to one another without any human intervention should also be easy. I would assume you are getting a dynamic IP from both providers (cable modem and DSL), in such case, you will have two different gateways in your PIX routing table once each ISP DHCP releases an IP address for your interface.

Issue “show route” command in the PIX prompt to double check on that, you should have something like,

outside 0.0.0.0 0.0.0.0 200.200.200.1 OTHER static

In some situations unfortunately, PIX will only hold one gateway information, not two, in such case, you may need to configure a secondary one by yourself with "route" command. Let me know what you currently have in your PIX routing table.

New Member

Re: Internet Access Redundancy

osam,

i am using static ip and will be static all the way.

i have the following as "show route" displays...

outside 0.0.0.0 0.0.0.0 33.231.222.1 1 OTHER static

outside 33.231.222.0 255.255.252.0 33.231.222.44 1 CONNECT static

inside 192.168.0.0 255.255.255.0 192.168.0.1 1 CONNECT static

what do you think i need to do here?

thanks!

travis.

New Member

Re: Internet Access Redundancy

I don't think you will need to do anything.. the links will be redundant as long as your ISP releases IP for you. Try to disconnect the link that has the 33.231.222.1 IP and see how it goes.. you should get another default gateway from your other interface.. Just give it like a minute or so to get the ip.

Have you already configured "ip address xxxx dhcp" in both interfaces connected to your ISPs? If so, there shouldn't be a problem.

The only thing that you won't be able to do though is to load balance between both links.

New Member

Re: Internet Access Redundancy

osam,

I already have 2 different static ips given by our isps. I am not using dhcp at all.

Can add another static ip to the outside interface?

I don't understand when you say configuring dhcp in both interfaces connected to your isps! There's only one outside interface on the pix501 and in my case, I want it to use different IP without user intervention.

thanks.

travis.

New Member

Re: Internet Access Redundancy

Yes, I thought you have 515.. that's why I was under the impression that you have two outside interfaces..

But anyway, yes, you sure can add more than one static route as long as they have different metric values..

route outside 0.0.0.0 0.0.0.0 gw.gw.gw.gw 2

92
Views
0
Helpful
5
Replies
CreatePlease login to create content