We have two Internet connections in our office. One is through a leased line and the other through a business ADSL line. Right now we are routing the Internet traffic manually through policy-based routing in the L3 core switch and NATing through both PIXes. Now we are planning for automatic backup routing using these two lines. What is the procedure to do this? Please find below the existing setup:
Internet leased-line setup:
LL Modem ----> Internet Leased Router -----> Cisco PIX ---> Cisco Core L3 Switch -----> Users/Servers connected
Business ADSL setup:
ADSL Router -----> Cisco PIX ---> same Cisco Core L3 Switch -----> Users/Servers connected.
With the PIX in the middle, the L3 core switch should have some form of L3 communication with the Internet leased-line router via the PIX.
This is under the assumption that you can control and configure the Internet leased-line router.
If both the ADSL router and the Internet leased-line router were not controlled by you, I'm afraid nothing can be done.
It is also possible to configure the PIX to manage the alternate routing, but again some configuration on the leased-line router is needed.
What if the leased-line router is up but the leased line is down?
This is the event that dynamic routing can manage and static routing cannot.
The Internet leased-line router should generate a default route in BGP or in another routing protocol only if the leased line is up and running.
See, for example, routing with PIX:
The Internet leased-line router can use:

ip route 0.0.0.0 0.0.0.0 Serial0
!
router ospf 10
 ! IOS needs a wildcard mask here; this covers the PIX-facing 10.x networks
 network 10.0.0.0 0.255.255.255 area 0
 ! no "always": the default is advertised only while the static default above is in the routing table
 default-information originate metric-type 1

Without the always keyword the router should generate a default route only as long as its own static default route is valid.
A further tuning could be that of using reliable static routing to be able to track public IP next-hop reachability on the leased line.
The PIX, taking part in the OSPF domain, can pass the default route to the L3 core switch.
If the ADSL router is capable of OSPF routing, it can inject a default route with worse parameters (metric-type 2 is never preferred over type 1).
Some thought may be needed to perform NAT correctly.
Hope to help
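The two-router OSPF design sketched in the answer above, written out end to end as an added example (this is not the poster's configuration). Everything named is an assumption: the leased-line provider next hop is 203.0.113.1 and the ADSL provider next hop 198.51.100.1; the leased-line router and PIX-LL share 10.0.1.0/24, the ADSL router and PIX-ADSL share 10.0.2.0/24, and the two PIX inside interfaces meet the core on 10.0.10.0/24 and 10.0.20.0/24. The static default on each router is a reliable static route tied to an ICMP probe, so the "router up, line down" case also withdraws the OSPF default; the ADSL router advertises an E2 default that the core only uses once the E1 default from the leased line is gone. The `ip sla monitor` / `track ... rtr` syntax of the 12.3(14)T and 12.4 releases is used; later images spell the same thing `ip sla` / `icmp-echo`.

```cisco
! ===== Internet leased-line router (assumed addresses; example added to the thread) =====
! Probe the provider next hop across the leased line every 10 s
ip sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 source-interface Serial0
 frequency 10
ip sla monitor schedule 1 life forever start-time now
!
! Track 1 is up only while the probe succeeds; dampen flaps on the way back up
track 1 rtr 1 reachability
 delay down 10 up 30
!
! Reliable static default: removed from the routing table when track 1 goes down
ip route 0.0.0.0 0.0.0.0 Serial0 203.0.113.1 track 1
!
router ospf 10
 ! only the PIX-facing LAN joins OSPF
 network 10.0.1.0 0.0.0.255 area 0
 passive-interface Serial0
 ! no "always": the E1 default is advertised only while the static default is installed
 default-information originate metric 10 metric-type 1
!
! ===== Business ADSL router =====
! A Dialer/PPPoE interface can stay up while the line is dead, so track it the same way
ip sla monitor 1
 type echo protocol ipIcmpEcho 198.51.100.1 source-interface Dialer0
 frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
 delay down 10 up 30
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
!
router ospf 10
 network 10.0.2.0 0.0.0.255 area 0
 passive-interface Dialer0
 ! E2 with a high metric: an E2 default never beats the E1 default from the leased line
 default-information originate metric 100 metric-type 2
!
! ===== PIX-LL (PIX OS 6.3 or later; PIX-ADSL is the same with 10.0.2.0/24 and 10.0.20.0/24) =====
! The PIX joins OSPF on both interfaces so the default route crosses it to the core.
! PIX "network" takes a subnet mask, not an IOS wildcard.
router ospf 10
 network 10.0.1.0 255.255.255.0 area 0
 network 10.0.10.0 255.255.255.0 area 0
!
! ===== L3 core switch =====
! Learns both defaults; keeps the E1 route while the leased line is healthy
router ospf 10
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.20.0 0.0.0.255 area 0
```

To check it, look at `show track 1` on each router and `show ip route 0.0.0.0` on the core: you should see `O*E1 0.0.0.0/0` via PIX-LL normally, and `O*E2` via PIX-ADSL within roughly the `delay down` time of the leased-line router's probe failing. The probes here originate on the routers themselves, so nothing has to be opened on the PIX for them; NAT on each PIX still has to translate every inside network that may be steered its way, which is the "some thought" point in the answer above.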
Thanks for your quick reply. Let me explain our setup in detail. Both Internet links are connected through two different routers and two PIXes, which finally terminate in one L3 switch. From your solution, I think the TRACK OBJECT solution will be good. But I don't have any idea of how a track object works in our scenario. Right now, the default route in the L3 switch points to the leased-line PIX, and we have a route-map configuration in the L3 switch for ADSL Internet routing for some VLANs' access-lists; if the leased line is down, I manually route this through ADSL by adding these VLANs' IPs to the ADSL route-map. Now, as you instructed, I need this done automatically through a TRACK object.
Could you explain more about the physical connectivity?
How is the Internet leased-line setup currently interconnected with the business ADSL setup?
Which automatic backup are you considering, the WAN link or the LAN link? There are multiple ways to achieve redundancy here depending on your criteria.
I see there are actually two PIX firewalls, one towards the leased line and one towards the DSL line.
This probably helps in doing NAT.
If you control the leased-line router and the ADSL router, the solution I've suggested can work.
The idea is to have a routing protocol like OSPF propagate default-route information from the leased line via the leased-line PIX to the L3 core switch.
A worse default route can be propagated by the DSL router via the DSL PIX to the L3 core.
The leased-line router needs to verify the validity of its own default static route using object tracking.
For the object tracking configuration, see the section
Configuring Cisco IOS IP SLAs for Cisco IOS Release 12.3(14)T, 12.4, 12.4(2)T, and 12.2(33)SXH
A simpler solution that can also work is that of using reliable static routing directly on the L3 core switch.
Hope to help
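The simpler alternative named in the last line of that answer, reliable static routing on the L3 core switch itself, as an added example that is not the poster's attached configuration. It assumes: PIX-LL inside at 10.0.10.2 behind the core's Vlan10, PIX-ADSL inside at 10.0.20.2 behind Vlan20, the provider next hops 203.0.113.1 (leased line) and 198.51.100.1 (ADSL) as probe targets, and 192.168.30.0/24 as one of the VLANs that is policy-routed over ADSL today. It also assumes the switch image supports IP SLA and Enhanced Object Tracking (12.2(33)SXH is named above; on a Catalyst 3560/3750 this needs the IP Services image), and that each PIX NATs the probe's source and lets the ICMP echo reply back in (an outside access-list entry for echo-reply on PIX 6.x, `inspect icmp` in the policy map on 7.x). This replaces the manual step of moving VLANs between route-maps: the default route itself fails over, and the ADSL route-map skips its next hop when ADSL is dead.

```cisco
! ===== L3 core switch (example added to the thread; addresses are assumed) =====
! Probe the leased-line provider next hop through PIX-LL every 5 s
ip sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 source-interface Vlan10
 timeout 1000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
! Probe the ADSL provider next hop through PIX-ADSL
ip sla monitor 2
 type echo protocol ipIcmpEcho 198.51.100.1 source-interface Vlan20
 timeout 1000
 frequency 5
ip sla monitor schedule 2 life forever start-time now
!
! Tracks go down after 10 s of failure and come back only after 30 s of success
track 1 rtr 1 reachability
 delay down 10 up 30
track 2 rtr 2 reachability
 delay down 10 up 30
!
! Pin each probe target behind its own PIX. Without these host routes the
! leased-line probe would follow the floating default via ADSL as soon as the
! primary default is withdrawn, succeed, and flap the primary straight back.
ip route 203.0.113.1 255.255.255.255 10.0.10.2
ip route 198.51.100.1 255.255.255.255 10.0.20.2
!
! Primary default via PIX-LL, present in the routing table only while track 1 is up
ip route 0.0.0.0 0.0.0.0 10.0.10.2 track 1
! Floating default via PIX-ADSL (administrative distance 10): installed when the primary disappears
ip route 0.0.0.0 0.0.0.0 10.0.20.2 10
!
! VLANs that normally go out via ADSL keep their route-map. If ADSL is down the
! tracked next hop is skipped and the packet follows whatever default is installed.
ip access-list extended ADSL-VLANS
 ! never policy-route internal traffic to the firewall
 deny   ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 192.168.30.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.30.0 0.0.0.255 any
!
route-map ADSL-OUT permit 10
 match ip address ADSL-VLANS
 set ip next-hop verify-availability 10.0.20.2 10 track 2
!
interface Vlan30
 description user VLAN that prefers ADSL
 ip address 192.168.30.1 255.255.255.0
 ip policy route-map ADSL-OUT
```

Check it with `show ip sla monitor statistics`, `show track`, `show ip route 0.0.0.0` and `show route-map ADSL-OUT`; then pull the leased-line cable on the modem side, not on the switch, because the point of the probe is that the PIX-LL inside link stays up while the line beyond it is dead. The `delay up 30` keeps a line that bounces every few seconds from dragging every NAT session back and forth between the two PIXes.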
Sorry for my late reply. Please find attached our existing L3 core switch configuration (route-map + routing). Other than this, we have configured NATing for these networks through both PIX firewalls. Please help us in configuring a TRACK OBJECT for this setup/configuration.
Adding to GUI's post, a reliable static route with object tracking is one solution.
Both L3 switches should have two uplinks to every PIX, and every PIX should have two uplinks toward both routers; both could apply object tracking with reliable static routing.
Another option is to configure OSPF between the upstream routers and the PIXes, and have one of them learn two default routes. This would guarantee load sharing and redundancy.
However, there is still a single point of failure on the upstream link from the Internet routers toward their Internet providers. The best approach is to have iBGP connecting both your edge routers. Assuming you have eBGP between you and both providers, you could also then look at BGP load sharing with different service providers.