[fw-wiz] Query regarding Cisco Router

From: prasad_patkar (prasad_patkar@pcsil.com)
Date: 09/24/02

From: "prasad_patkar" <prasad_patkar@pcsil.com>
To: <auscert@auscert.org.au>
Date: Tue Sep 24 08:25:02 2002

Hi all,

I have a query regarding a router.
I have 2 different ISP connections: 1st a DSL connection (broadband) & 2nd a 2Mbps leased line.
I want to terminate both on a Cisco 1751V router and configure it for failover, i.e. failover of ISP.

The router is required to be configured for failover, i.e. if the 2Mbps LL fails, DSL will take over & vice versa.

I have connected a firewall behind it. The firewall has only 3 ports (LAN, WAN, DMZ). Both ISPs have provided 4 IPs. 2 IPs from both ISPs are used for DMZ servers (Mail & Application).
Both ISPs are told to put DNS entries of the other's IP in their DNS server (i.e. DSL will put the IP of the Leased Line ISP and vice versa).

Firewall cannot have 2 WAN gateways.

Firewall is to be configured for Leased Line ISP provider.

WAN IP of Firewall === IP of Leased Line ISP.
Gateway of Firewall === IP of Leased Line ISP


1) The DSL Hathway connection will be used only for Internet access.
2) The 2Mbps Leased Line ISP will be used only for the remote office accessing the application server and mail being downloaded to the mail server.
3) E.g. if a user wants to access the Internet, then the request will be forwarded by the proxy server if the customer has one, or it will be directly forwarded to the LAN IP of the firewall, which will in turn be forwarded to the router. The router has to forward it to the DSL connection. All Internet surfing has to be done only through the DSL connection.

Can traffic coming from the firewall WAN port be directed by the router accordingly? I.e. if HTTP traffic is coming from the firewall to the router, the router has to direct it to Hathway, while all incoming will be coming via the Leased Line ISP.

Can the router be configured in such a way that if an HTTP request, i.e. port 80 traffic, is coming, it can be directed to the DSL connection (broadband), while incoming HTTP or any other traffic used for accessing the internal mail server & application server has to be only through the Leased Line ISP?

Only when either fails does one of them have to take care of the other, i.e. if the DSL connection fails then the router has to automatically divert all traffic to the Leased Line ISP, and if the Leased Line ISP fails it has to direct the traffic to the DSL connection.

To achieve this, what changes do I have to apply in hardware, or does any request have to be given to the ISP provider?



Prasad Patkar
Sr Engg-Networking
TELEPHONE:- 2875525-29 
