Re: Pix with Two ISP

From: nitin (ni36ne@hotmail.com)
Date: Mon Sep 16 2002 - 04:38:53 GMT-3

• Next message: stephen.paynter@bt.com: "RE: Summarization problem"
• Previous message: Reinhold Fischer: "Re: Pix with Two ISP"
• Maybe in reply to: nitin: "Pix with Two ISP"
• Next in thread: Reinhold Fischer: "Re: Pix with Two ISP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
What if i dont require load balancing, and half network traffic should go
through router A and half through router B. Default gateway will be Pix.
But if any one of the router goes down, other router should take the
traffic.

Regards
Nitin

----- Original Message -----
From: "Reinhold Fischer" <rfischer@flexnetworks.de>
To: "nitin" <ni36ne@hotmail.com>
Cc: <ccielab@groupstudy.com>; <security@groupstudy.com>
Sent: Monday, September 16, 2002 12:31 PM
Subject: Re: Pix with Two ISP

> Hello Nitin,
>
> there is probably more than one way to solve this problem.
>
> For the load balancing part you usually need to have BGP with full
> internet routing tables on your routers with your own AS and own
> ip address space.
>
> To achive the redundancy i would use HSRP between the two routers to
> provide a redundant default gateway for the PIX. There may be a bit
> suboptimal routing in some cases when traffic gets sent to the
> active HSRP router which decides then due to its better topology
> knowledge through bgp that the traffic should better go over the
> other router. As long as you have the requirement to do loadbalancing
> between the ISP's there is no way to get around this because you
> don't want try to give the pix a full routing table with RIP ;-)
>
> The PIX itself and the switch between the PIX and the routers would
> still be a single point of failure except you go for a cluster of
> two there.
>
> ISP-A ISP-B
> | |
> | WAN | WAN
> | eBGP | eBGP
> | iBGP |
> Router1-----------------Router2
> | back2back FE |
> | |
> | |
> | <------HSRP------> |
> +---------+ +---------+
> | |
> Switch
> |
> Pix
>
> The direct back2back ethernet between the routers may not be necessary
> in all cases but it helps to provide the redundancy and avoids sending
> the traffic two times over the same wire as it would happen in the
> case of subobtimal routing as described above.
>
>
> cheers !
>
> Reinhold
>
> On Mon, 16 Sep 2002, nitin wrote:
>
> > Hi,
> > I want to setup a Pix firewall on the network where i have two
different ISP
> > connections with two routers, I want users on the network should access
> > internet from the two ISP's in load balancing and redundant fashion. Can
any
> > one suggest how do i configure firewall for this setup.
> > Any one has done this kind of setup?? sample configuration would be
> > appreciated..
> >
> > Thanks in advance
> >
> > Nitin Sahane

• Next message: stephen.paynter@bt.com: "RE: Summarization problem"
• Previous message: Reinhold Fischer: "Re: Pix with Two ISP"
• Maybe in reply to: nitin: "Pix with Two ISP"
• Next in thread: Reinhold Fischer: "Re: Pix with Two ISP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:53 GMT-3