
Two Routers on the outside interface of PIX 515

June 21, 2006 11:03:03 PM

My problem is that I have 2 routers to access the internet, one by frame relay and the other by ADSL.
My idea is to route all HTTP, FTP, etc. (low importance traffic) to the ADSL router and my crucial traffic routed to my frame router.
They are both connected to the outside interface of my PIX.

Does this make any sense, is it possible???

Thx.


June 22, 2006 5:25:06 AM

Sounds like you need to make some static routes.
June 22, 2006 5:43:47 PM

It is possible, and erudite is right, you will need to add static routes. What you'll need to configure on the two routers themselves is access-lists controlling what goes where. I think it's called policy based routing. But I know you'll need to configure access-lists with it and set the ADSL route for administrative distance higher than the frame-relay. Static routes by default are administrative distance of 1.

If I were you I would configure the DSL as a backup connection to the Frame-Relay. I would configure the Frame-relay router with a route to the ADSL router with an administrative distance higher than 50 or something. That way if the default route out the frame goes down you have the ADSL router which has its own default route to the Internet.
July 1, 2006 7:00:21 AM

I think I may have your solution. You need to set the metric of the route of your ADSL interface to 1 and set the route for your FR to a metric over 1 (in ASDM go to Configuration | Routing | Static Route). This will make it so as long as the interface with metric 1 is available it will use it for all traffic; if it's not available it will use 2 or whatever number follows in numerical sequence, unless otherwise specified by access lists or static routes or whatever else. I currently have a similar setup on my PIX 515 (3 ISPs) and that is what I do.
July 5, 2006 2:20:50 PM

Yuppers, that's how we've done it for a few of our customers. That's really the only way you can configure this type of setup. I'm not sure if you could configure the PIX with two default routes (1 route to the frame relay and 1 route to the ADSL).

I'd test it here but we don't have a free PIX available to mess with.

The commands on the router would look like

ip route 0.0.0.0 0.0.0.0 <other end of FR>
! 240 is the administrative distance
ip route 0.0.0.0 0.0.0.0 <ADSL router ip> 240

or

The PIX would look like:

route outside 0.0.0.0 0.0.0.0 <FR ip>
route outside 0.0.0.0 0.0.0.0 <ADSL ip>

Yup, I did some digging and found this on Cisco:

route
To enter a static or default route for the specified interface, use the route command in global configuration mode. Use the no form of this command to remove routes from the specified interface.

route interface_name ip_address netmask gateway_ip [metric | tunneled]

no route interface_name ip_address netmask gateway_ip [metric | tunneled]

Syntax Description
gateway_ip
Specifies the IP address of the gateway router (the next-hop address for this route).

Note The gateway_ip argument is optional in transparent mode.

interface_name
Internal or external network interface name.

ip_address
Internal or external network IP address.

metric
(Optional) The administrative distance for this route. Valid values range from 1 to 255. The default value is 1.

netmask
Specifies a network mask to apply to ip_address.

tunneled
Specifies route as the default tunnel gateway for VPN traffic.




You'll want to configure the routes with the correct metric.
July 6, 2006 3:51:41 AM

You can either do this with a policy map on the PIX (if the PIX can support policy based routing). The other method is to just route all interesting traffic (i.e. crucial traffic based on layer three addresses) to the frame relay circuit and everything else to the ADSL using the default gateway. You only need one default gateway on the PIX to accomplish this but you will have to create many static routes to accommodate all the interesting traffic.
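
Added example, not part of any post in this thread: a small Python model of how a static-route table like the ones discussed above picks a next hop, using longest prefix match and then the lowest administrative distance (the "metric" argument of the PIX route command). All addresses are constructed documentation ranges, and the `down` set is an assumed input, since how the firewall learns that a next hop has failed is outside this model.

```python
import ipaddress

# Constructed static-route table (documentation addresses, not from the thread).
# Fields: destination prefix, next hop, administrative distance.
ADSL = "192.0.2.2"         # hypothetical ADSL router on the outside segment
FRAME_RELAY = "192.0.2.1"  # hypothetical frame relay router on the same segment

ROUTES = [
    ("0.0.0.0/0", ADSL, 1),                  # default: everything else via ADSL
    ("0.0.0.0/0", FRAME_RELAY, 240),         # floating default, used if ADSL fails
    ("198.51.100.0/24", FRAME_RELAY, 1),     # "interesting" network via frame relay
    ("198.51.100.0/24", ADSL, 240),          # floating backup for that network
]


def select_next_hop(dst, routes=ROUTES, down=frozenset()):
    """Return the next hop chosen for dst, or None if no usable route exists.

    The only lookup key is the destination address. Protocol and port are not
    inputs, so a split such as "HTTP and FTP via ADSL" cannot be expressed
    with static routes; only a split by destination network can.
    """
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, hop, distance in routes:
        net = ipaddress.ip_network(prefix)
        if hop in down or addr not in net:
            continue  # route withdrawn, or it does not cover this destination
        candidates.append((net.prefixlen, distance, hop))
    if not candidates:
        return None
    # Most specific prefix wins; among equal prefixes the lowest distance wins.
    _, _, hop = min(candidates, key=lambda c: (-c[0], c[1]))
    return hop


if __name__ == "__main__":
    for dst, failed in [
        ("203.0.113.10", set()),          # ordinary Internet destination
        ("198.51.100.7", set()),          # destination in the crucial network
        ("198.51.100.7", {FRAME_RELAY}),  # frame relay next hop marked down
        ("203.0.113.10", {ADSL}),         # ADSL next hop marked down
    ]:
        print(dst, sorted(failed), "->", select_next_hop(dst, down=failed))
```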