From: Sam Munzani (sam@munzani.com)
Date: Fri May 28 2004 - 10:13:25 GMT-3
You missed the original e-mail. They don't have deep pocket to implement BGP
routing. Neither I know any DSL provider who would do BGP routing across the
DSL lines.
Sam
> Try BGP session through PIX-es between the the ISP routers and the
internal router.
>
> Gabor
>
> -----Original Message-----
> From: Sam Munzani [mailto:sam@munzani.com]
> Sent: Thursday, May 27, 2004 6:48 PM
> To: Carlos G Mendioroz
> Cc: ccielab@groupstudy.com
> Subject: Re: Network design case study
>
>
> I thought about that tool. However PIX will not forward any default
learned from outside interface to inside. If PIX can announce conditional
default to internal network, my problem would be solved. e.g. If PIX learns
default from ISP nodes, then and then it will announce default to internal
network otherwise would not.
>
> I already have started on TCL script as a last resort but was curious if
can be done without TCL.
>
> Thanks,
> Sam
>
>
> > Do you have fixed IPs in the T1 ?
> > What about asking your T1 provider to enable RIP and send you a
> > default, or a local network...
> >
> > You need some means to get a keep alive scheme. If anything else
> > fails, resorting to a tcl script might work... never tried that
> > though.
> >
> > Sam Munzani wrote:
> >
> > > Hi,
> > >
> > > A friend of mine stumped me on using DSL backup for their Internet
> > > T1
> line.
> > > Below is how they are setup.
> > >
> > > ---------Internet----------
> > > | |
> > > ISP1(T1) ISP2(DSL)
> > > | |
> > > PIX-515 PIX-506
> > > | |
> > > ----- Router(R1) -------
> > > |
> > > Switch
> > >
> > > All users are connected to internal switch. ISP devices are part of
> their
> > > managed service so customer does not have access to it. CPE starts
> > > at
> PIX
> > > firewalls. They way it's done now is everybody's GW is router's
> > > ethernet interface. Router has default route pointing to PIX-515. In
> > > case of T1 failure, manually change that default route to point to
> > > PIX-506. Both firewalls has necessary NATs, rules defined properly
> > > so they start using
> DSL
> > > for internet. They don't have deep pocket for BGP so inbound mail
> traffic will
> > > not work until T1 is restored and they are OK with it.
> > >
> > > Is there any way to make the failover automatic? Since there is no
> dynamic
> > > routing between ISP routers and R1, how would R1 know about line
> failure?
> > >
> > > Any ideas will be greatly appreciated.
> > >
> > > Sam Munzani
> > > CCIE # 6479(R&S, Security)
> > >
> > > ____________________________________________________________________
> > > ___
> > > Please help support GroupStudy by purchasing your study materials
from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> > --
> > Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:18 GMT-3