From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Wed Aug 30 2000 - 11:49:21 GMT-3
Other option is to have 2 serial modules on your router connecting to 2
different ISPs doing policy routing. PIX just forwards everything to router.
Have 2 different NAT pools on PIX and use those 2 respective global pools to
do the policy routing on router.
Sam
> Hi,
>
> Here is an interesting design problem:
>
> There is a PIX with two inside and one outside interface.
> The PIX can only be configured with a single default gateway on the
> outside.
> You are of course not allowed to run a routing protocol on the PIX.
>
> You are connecting to two ISPs but you can't run BGP. Provide load
> balancing and redundancy. (yeah sure)
>
> Solving this by using policy routing, which can apparently only deal with
> route-map source and size attributes does appear to be all that 'cool'. If
> you do this with two routers on the outside of the PIX running HSRP, the
> primary one seems to need an additional interface and you need to use
> secondary addresses. Assuming that you apply a policy to inbound traffic
> on the primary HSRP router; forwarding traffic from one of the internal nets
> to the other router, you can make it so he'll forward it back if his link
> is down, although you would need to forward it to a different interface on
> the primary HSRP router so the policy wouldn't apply. A bit kludgey.
>
> Your thoughts will be appreciated,
>
> -Derek
>
>
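
The two-pool design suggested in the reply, sketched as PIX and IOS configuration. This is an added example, not configuration posted in the thread; every address (documentation ranges), the interface names (inside2, Ethernet0, Serial0, Serial1), the ACL numbers and the route-map name are assumptions.

```cisco
! ----- PIX: one NAT pool per inside network -----
! Pool 1 is taken from ISP A's address block, pool 2 from ISP B's (constructed).
nat (inside)  1 10.1.0.0 255.255.0.0
nat (inside2) 2 10.2.0.0 255.255.0.0
global (outside) 1 192.0.2.10-192.0.2.60 netmask 255.255.255.192
global (outside) 2 198.51.100.10-198.51.100.60 netmask 255.255.255.192
! Single default gateway: the router's Ethernet0 address.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! ----- Router: policy routing keyed on the translated source address -----
access-list 101 permit ip 192.0.2.0 0.0.0.63 any
access-list 102 permit ip 198.51.100.0 0.0.0.63 any
!
route-map ISP-SELECT permit 10
 match ip address 101
 ! First interface that is up wins, so Serial1 is the fallback for pool 1.
 set interface Serial0 Serial1
route-map ISP-SELECT permit 20
 match ip address 102
 set interface Serial1 Serial0
!
interface Ethernet0
 description Link to PIX outside
 ip address 203.0.113.1 255.255.255.248
 ! Apply the policy to traffic arriving from the PIX.
 ip policy route-map ISP-SELECT
!
interface Serial0
 description ISP A
interface Serial1
 description ISP B
!
! Return traffic for both pools is routed back to the PIX outside address.
ip route 192.0.2.0 255.255.255.192 203.0.113.2
ip route 198.51.100.0 255.255.255.192 203.0.113.2
! Caveat (assumes provider-assigned address blocks): on failover, packets
! sourced from ISP A's block leave through ISP B. ISP B may drop them with
! ingress filtering, and replies are still routed toward ISP A.
```

The fallback interface only gives outbound redundancy; whether sessions survive a link failure depends on how each ISP treats the other's address block.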
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:33 GMT-3