We have 2 ISPs with a T1 coming in from each.
Each T1 has its own router (supplied by the ISP); one is an Intel router, the other is a Cisco 2620.
Those each feed separate firewall boxes.
Which in turn each feed a Summit 48 switch.
The Summits are interconnected via Gigabit Fiber.
Here's where it gets very complicated...
We have over 10,000 IP addresses that any machine in the internal network could be on at any given moment. All machines are direct wired into these two Summits via 10/100 Ethernet, except the two cluster servers; they are fiber to the switch, each on a separate switch.
The mail, SQL, & Web servers run on the cluster servers.
The servers were all set up when we only had 1 T1 so they are all on those subnets.
There are 60 or so machines that autonomously spider the web collecting data and posting data based off the collected data. The reason they change IPs every request or post is to get around people blocking more than x access from x.x.x.x in a given time frame.
I want to keep all of our internal traffic internal (SQL requests, mail, general network traffic) on the Summits and have them handle internal routing so the firewalls and routers are out of the picture for DB lookups and internal file transfers and such when a computer with an IP from a subnet on ISP "B" needs to access a computer or server resource on ISP "A".
How can this be accomplished, and/or would it be better to put both T1s on the Cisco 2620?
Can the Cisco accept another serial card?
Can you have separate ISPs on one router?
Currently the traffic from ISP "B" trying to get to ISP "A" goes all the way out to the internet and comes back in through the "A" router and firewall, and vice versa. The problem is that means we have to set up rules in the firewall opening up those "external" addresses to have rights. This would allow someone to spoof those addresses and get in from the outside world, correct?
Thank you for any and all help
I tried setting default routes in the routers to send known subnets back through the fastethernet0/0 instead of out to serial0/0, but that seemed to pretty much break everything and nothing would route from that subnet, internal or external.
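As an added illustration (editor's example, not part of the post above and not a configuration for the Summit 48 or the Cisco 2620), the model below shows the two points the post raises: why a router holding only a default route sends traffic for the other ISP's subnet out the serial link, and how an anti-spoofing check on the internet-facing interface (the standard ingress-filtering mitigation, RFC 2827/BCP 38) refuses outside packets that claim an internal source address. The prefixes 192.0.2.0/24 and 198.51.100.0/24 are constructed documentation ranges standing in for the two ISP subnets, the interface names follow the post, and the "inside" next hop is abstracted to a single interface rather than the firewall-then-switch path in the real topology.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder prefixes (not the poster's real address space).
ISP_A_NET = ip_network("192.0.2.0/24")      # stands in for the ISP "A" subnet
ISP_B_NET = ip_network("198.51.100.0/24")   # stands in for the ISP "B" subnet
INTERNAL_NETS = [ISP_A_NET, ISP_B_NET]      # everything we consider "ours"

# Routing table for the ISP "B" router as (prefix, outgoing interface).
# DEFAULT_ONLY mirrors the situation described: only the directly connected
# subnet is known, so traffic for ISP "A" addresses follows the default
# route out serial0/0 and hairpins through the internet.
DEFAULT_ONLY = [
    (ISP_B_NET, "fastethernet0/0"),
    (ip_network("0.0.0.0/0"), "serial0/0"),
]

# WITH_INTERNAL_ROUTE adds a specific route for the other ISP's prefix via the
# inside interface, so the longest match keeps that traffic on the LAN side.
WITH_INTERNAL_ROUTE = [
    (ISP_B_NET, "fastethernet0/0"),
    (ISP_A_NET, "fastethernet0/0"),
    (ip_network("0.0.0.0/0"), "serial0/0"),
]


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ip_address(dst)
    best = None
    for prefix, iface in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def ingress_filter(iface, src):
    """Anti-spoofing check on the internet-facing interface.

    A packet arriving from the outside (serial0/0) that claims one of our
    own internal prefixes as its source is dropped; any firewall rule that
    trusts those addresses then cannot be reached by a spoofed packet.
    """
    src = ip_address(src)
    if iface == "serial0/0" and any(src in net for net in INTERNAL_NETS):
        return "drop"
    return "accept"


def trace(table, src, dst, arrival_iface):
    """Combine both checks for one constructed packet."""
    verdict = ingress_filter(arrival_iface, src)
    if verdict == "drop":
        return ("dropped", None)
    return ("forwarded", lookup(table, dst))


if __name__ == "__main__":
    # Host on the "B" subnet talking to a server on the "A" subnet.
    print(trace(DEFAULT_ONLY, "198.51.100.7", "192.0.2.10", "fastethernet0/0"))
    print(trace(WITH_INTERNAL_ROUTE, "198.51.100.7", "192.0.2.10", "fastethernet0/0"))
    # Outside packet forging an internal source address.
    print(trace(WITH_INTERNAL_ROUTE, "192.0.2.10", "198.51.100.7", "serial0/0"))
```

Running the script shows the first packet leaving via serial0/0, the second staying on fastethernet0/0, and the forged packet being dropped before any route lookup happens.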