Tom's Hardware > Forum > General Networking > General Gateways, Routers and Firewalls > Two Routers on the outside interface of PIX 515

Two Routers on the outside interface of PIX 515

Forum General Networking : General Gateways, Routers and Firewalls - Two Routers on the outside interface of PIX 515

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
kavsko   06-22-2006 at 01:03:03 AM

My problem is that I have 2 routers to access the internet, one by frame relay and the other by ADSL.
My idea is to route all HTTP, FTP, etc. (low importance traffic) to the ADSL router and my crucial traffic routed to my frame router.
They are both connected to the outside interface of my PIX.

Does this make any sense, is it possible???

Thx.

Add a reply
Sponsored Links
Register or log in to remove.
erudite_22   06-22-2006 at 07:25:06 AM
- 0 +

sounds like you need to make some static routes.

Reply to erudite_22
Zakkas   06-22-2006 at 07:43:47 PM
- 0 +

It is possible, and erudite is right you will need to add static routes. What you'll need to configure on the two routers themselves is access-lists controllin what goes where. I think its called policy based routing. But I know you'll need to configure access-lists with it and set the ADSL route for administrative distance higher than the frame-relay. Static routes by default are administrative distance of 1.

If I were you I would configure the DSL as a backup connection to the Frame-Relay. I would configure the Frame-relay router with a route to the ADSL router with an administrative distance higher than 50 or something. That way if the default route out the frame goes down you have the ADSL router which has its own default route to the Internet.

Reply to Zakkas
erudite_22   07-01-2006 at 09:00:21 AM
- 0 +

I think I may have your solution. You need to set the metric of the route of your ADSL interface to 1 and set the foute for your FR to a metric over 1 (In ASDM go to Configuration | Routing | Static Route) . This will make it so as long as the interface with metric 1 is availabe it will use it for all trafic, if it's not available it will use 2 or whatever number follows in numerical sequence, unless otherwise specified by access lists or static routes or whatever else. I currently have a similar setup on my pix 515 (3 isp's) and that is what I do.

Reply to erudite_22
Zakkas   07-05-2006 at 04:20:50 PM
- 0 +

Yuppers, thats how we've done it for a few of our customers. Thats really the only way to can configure this type of setup. I'm not sure if you could configure the PIX with two default routes (1 route to the frame relay and 1 route to the adsl).

I'd test it here but we don't have a free PIX available to mess with.

The commands on the router would look like

ip route 0.0.0.0 0.0.0.0 other end of FR
ip route 0.0.0.0 0.0.0.0 ADSL router ip 240 >>>240 is the administrative distance

or

The PIX would look like:

route outside 0.0.0.0 0.0.0.0 FR ip
route outside 0.0.0.0 0.0.0.0 ADSL ip

Yup I did some digging and found this on Cisco
route
To enter a static or default route for the specified interface, use the route command in global configuration mode. Use the no form of this command to remove routes from the specified interface.

route interface_name ip_address netmask gateway_ip [metric | tunneled]

no route interface_name ip_address netmask gateway_ip [metric | tunneled]

Syntax Description
gateway_ip
Specifies the IP address of the gateway router (the next-hop address for this route).

Note The gateway_ip argument is optional in transparent mode.

interface_name
Internal or external network interface name.

ip_address
Internal or external network IP address.

metric
(Optional) The administrative distance for this route. Valid values range from 1 to 255. The default value is 1.

netmask
Specifies a network mask to apply to ip_address.

tunneled
Specifies route as the default tunnel gateway for VPN traffic.




You'll want to configure the routes with the correct metric.

Reply to Zakkas
El0him   07-06-2006 at 05:51:41 AM
- 0 +

You can either do this with policy map on the PIX (if the PIX can support policy based routing). The other method is to just route all interesting traffic (i.e. crucial traffic based on layer three addresses) to the frame relay circuit and everything else to the ADSL using the default gateway. You only need one default gateway on the PIX to accomplish this but you will have to create many static routes to accomodate all the interesting traffic.

Reply to El0him
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > General Gateways, Routers and Firewalls > Two Routers on the outside interface of PIX 515
Go to:

There are 1186 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.319 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?