Design Challenge

From: Derek Buelna (dameon@xxxxxxxxxxx)
Date: Wed Aug 30 2000 - 01:02:33 GMT-3


   
Hi,

Here is an interesting design problem:

There is a PIX with two inside and one outside interface.
The PIX can only be configured with a single default gateway on the outside.
You are of course not allowed to run a routing protocol on the PIX.

You are connecting to two ISPs but you can't run BGP. Provide load
balancing and redundancy. (yeah sure)

Solving this by using policy routing, which can apparently only deal with
route-map source and size attributes does appear to be all that 'cool'. If
you do this with two routers on the outside of the PIX running HSRP, the
primary one seems to need an additional interface and you need to use
secondary addresses. Assuming that you apply a policy to inbound traffic on
the primary HSRP router; forwarding traffic from one of the internal nets
to the other router, you can make it so he'll forward it back if his link is
down, although you would need to forward it to a different interface on the
primary HSRP router so the policy wouldn't apply. A bit kludgey.

Your thoughts will be appreciated,

-Derek


