Re: [fw-wiz] PIX Dual line Internet HDSL and ADSL

From: Daniel Linder (dan_at_linder.org)
Date: 11/01/05

  • Next message: Brian Loe: "[fw-wiz] scanning..."
    To: felix@felix.it
    Date: Tue, 1 Nov 2005 10:32:31 -0600 (CST)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Mon, October 24, 2005 04:48, Felice Gaiba wrote:

    > My name is Felix,

    > I have a problem, I possible configure a PIX 515 for this
    configuration?

    [ASCII picture removed...]

    > Is necessary for me using Internet 1 Router if Internet 2 Router or
    Line

    > is down and viceversa.....

    > And, certain PC exit from Internet 2 and another from internet 1.

    > The Software in a PIX is Version 6.3

    Your basic setup is that you have two Cisco routers, each connected to
    their own Internet connection, and a Cisco PIX firewall.  Your
    drawing has the "inside" interface of each Cisco router going to
    a different port on the PIX firewall -- this will make things much more
    difficult to setup since those two interfaces will have two different
    security levels.

    My first thought is to put the two routers and the Pix outside port into a
    single switch and configure HSRP and BGP (IBGP?) between the two
    routers.  This will allow the PIX to use the HSRP address to get out,
    regardless of the actual state of either router.  Furthermore, BGP
    can then be configured to watch the Internet links status and when one
    goes down it will remove the affected routes from the shared routing
    table.

    It's been a while since I have had to set this up, and the size of your
    routers and/or your ISPs features might be a limiting factor for the BGP
    setup.  HSRP should be configurable on nearly any Cisco router from
    what I remember.

    Dan

    - - - - -

    "Wait for that wisest of all counselors, time." -- Pericles

    "I do not fear computer, I fear the lack of them." -- Isaac
    Asimov

    GPG fingerprint:6FFD DB94 7B96 0FD8 EADF 2EE0 B2B0 CC47 4FDE 9B68

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (GNU/Linux)

    iD8DBQFDZ5iesrDMR0/em2gRAnzyAKCqeEmHwo0vHwa+CTr+HyWSKdyU1ACgvvIc
    LPRzgZYoUbwqg0Q4dn71i8k=
    =APsp
    -----END PGP SIGNATURE-----

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Brian Loe: "[fw-wiz] scanning..."

    Relevant Pages

    • Re: OT:--CISCO EXPERTS...
      ... Router has been delivered to clients site, IP has been put in by supplier ... > password to access the configuration section of the router. ... > should also be disabled leaving connection via SSH or Hyperterminal. ... >> Client has a cisco router with blue cable from pc to router also x-over ...
      (microsoft.public.windows.server.sbs)
    • Re: Image file question or Router fault
      ... I got a spare 2610 cisco router recently and I configured it ... exactly like the 1720 router just for backup, ... Most likely its a configuration issue. ...
      (comp.dcom.sys.cisco)
    • Re: OT:--CISCO EXPERTS...
      ... The blue cable allows you to connect to the router using the PC ... be disabled leaving connection via SSH or Hyperterminal. ... Can you post back with the model of router and what configuration changes ... > Client has a cisco router with blue cable from pc to router also x-over ...
      (microsoft.public.windows.server.sbs)
    • Re: SBS 2003 Misconfigured?
      ... Netgear router because it has 8 ports, utilizes UPNP (at least it did it ONCE ... You mentioned that you assigned the ISP IP to netopia AND the netgear. ... You *can* configure the netopia to operate in bridged mode, but in this configuration, it is literally acting as modem, converting DSL/ATM traffic to ethernet and would not hold a public IP of its own. ... Quickbooks on my server (I know, I shouldn't but I HAVE to because another ...
      (microsoft.public.windows.server.sbs)
    • Re: SBS 2003 Misconfigured?
      ... I agree, with what I could have / should have done as far as the router, ... Why didn't you just disconnect the Netgear and not touch the Netopia? ... Which, based on the configuration you gave, is part of the ...
      (microsoft.public.windows.server.sbs)