Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 Internet connection through PIX

Status
Not open for further replies.
luciusism

luciusism

MIS
Mar 15, 2002
10
0
0
US
I have 2 internet connections (2 different ISPs), and I have a PIX 520 with 3 NICs.

Our toplogy so far is a dmz on one nic, our private network on another, and the final NIC is connected to our main ISP.

What I'd like to do is hook our secondary ISP to our PIX, thus creating redundant internet access. The question I have is if anyone has ever had to deal w/ a siialr situation? Do I need another NIC for the second ISP? What about DNS, seeing as our domain name points to 1 ISP's DNS, does that mean I have to host my own DNS?

Thanks all!

P.P.S. I'm assuming that the PIX doesn't use regular PCI NICs?
 
Sort by date Sort by votes
I guess that you could put two routers in, one for each ISP and then load balance those links (like Yizhar suggested), using HSRP. The inside interfaces of the routers would then connect to a switch and the outside of the PIX would patch into that switch! With HSRP the two routers running in a failover configuration would appear to the PIX as a single "virtual" router, which you would then point the default route on the PIX to!

Sounds easy .... but can be a problem getting it to work right!!

Good luck.

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
The PIX uses ordinary PCI cards. My PIX has ordinary Intel NIC's 10/100 Mbits...

 
Upvote 0 Downvote
Hi,
If you wanted to load balance you got to be real careful. For hosts that must have the same address, eg mail servers, you will have to run BGP to both ISP's and advertise your network to the Internet so it is known both ways. There are so many ways to do it though. If you don't care about IP what your source IP's appear as you can do as chrisac says and go 2 routers/HSRP, or if you can only afford 1 router run NAT 2 both interfaces, in this case your source addresses will be different depending on what ISP you use.
I would consider BGP the *correct* way, but everyone has their own preference, and there is no single correct answer.

-Stephen
 
Upvote 0 Downvote
HSRP doesn't load balance, it's used for failover. You CAN setup two internet connections on the PIX, but you'll have to manually switch the default route if your primary goes down, this would be the cheapist solution.

If you want to automate this, use HSRP as described above. It's not difficult to get working.

If you host public services on your network that need to be accessible through your second internet connection (via the same IP address) if the primary goes down, then you'll have to use BGP. This is an extremely expensive solution.

sh0x
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
129
nnaarrnn
nnaarrnn
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
52
mcisar
mcisar
ChrisFairley
  • Locked
  • Question
Downloads failing through ASA 5520
Replies
1
Views
51
iggsterman
iggsterman
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
44
brownmab53
brownmab53
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
62
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top