drummelhart
IS-IT--Management
are there any PIX's out there than can carry more than one exterior and interior default gateway?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PIX with more than 1 default gateway?
- Thread starter drummelhart
- Start date
- Status
no there is no pix that can do it. unless you have it like
route outside 0.0.0.0 0.0.0.0 1.2.3.4
route outside 0.0.0.0 0.0.0.0 5.6.7.8 tunneled
and all that does is any incoming unecrypted traffic goes through the 'tunnel' to get encrypted
route outside 0.0.0.0 0.0.0.0 1.2.3.4
route outside 0.0.0.0 0.0.0.0 5.6.7.8 tunneled
and all that does is any incoming unecrypted traffic goes through the 'tunnel' to get encrypted
you can do it with either SLA monitoring or entering a backup route for the external gateway, but the SLA monitoring will require a newer OS image.
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
- Thread starter
- #6
drummelhart
IS-IT--Management
one pix 2 inside and outside default gateways for 2 different domains
Depending on your OS version you can run the appliance in multiple context mode that will give you fully independent interfaces and security configuration.
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
- Thread starter
- #8
drummelhart
IS-IT--Management
I only have a 506e and it will not carry but 1. I am asking which PIX will carry more than 1 default gateway, and I prefer to use CLI
- Thread starter
- #10
drummelhart
IS-IT--Management
that is what I was looking for!!!!
Thank you.
With that said, a PIX 515 will do what I want?
Thank you.
With that said, a PIX 515 will do what I want?
yes sir, as long as you have the right OS. here's a config guide for good measure:
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
- Thread starter
- #12
drummelhart
IS-IT--Management
fricken sweet and you RIPP my man!
- Thread starter
- #14
drummelhart
IS-IT--Management
looks like a router to me, and I likey that more
Hi ,
I am facing one problem in my network .. Explaining bellow --
There are three Vlan ( Vlan10/ Vlan11 / Vlan 12 ). There is one Application Server which needs to be accessed from all the three Vlans. Now there is two Route for data transfer towards Customer side Application . one is Multilink with 10 Mbps and another one is MPLS Link . Now i want to Pass the traffic of Vlan 10 & Vlan 11 via Multilink ( LL ) and Vlan 12 via MPLS Link but the Destination Appln server is same for all the Vlan. My Network Connectivity is Like Bellow ----
1) Leased Line Connectivity
Core Switch/L3( VLAN are created ) --> BA SW/L2 --> ASA ( Inside) -->ASA (Outside Int LL) --> L2 SW --> Router ( Leased Line ) --> Application Server .
2) MPLS Connectivity :-
Core Switch/L3( VLAN are created ) --> BA SW/L2 --> ASA ( Inside) --> ASA (Outside Int MPLS) --> L2 SW --> Router ( MPLS ) --> Application Server .
..Can Anybody help me on this problem . I come to know that this can be implemented through Route map . If so then How could it be possible in ASA. After all All The Vlan Traffic entering the ASA through Inside Int but from ASA ..Two ISP Links are devided ..one towards LL Router and another towards MPLS Router....
I am facing one problem in my network .. Explaining bellow --
There are three Vlan ( Vlan10/ Vlan11 / Vlan 12 ). There is one Application Server which needs to be accessed from all the three Vlans. Now there is two Route for data transfer towards Customer side Application . one is Multilink with 10 Mbps and another one is MPLS Link . Now i want to Pass the traffic of Vlan 10 & Vlan 11 via Multilink ( LL ) and Vlan 12 via MPLS Link but the Destination Appln server is same for all the Vlan. My Network Connectivity is Like Bellow ----
1) Leased Line Connectivity
Core Switch/L3( VLAN are created ) --> BA SW/L2 --> ASA ( Inside) -->ASA (Outside Int LL) --> L2 SW --> Router ( Leased Line ) --> Application Server .
2) MPLS Connectivity :-
Core Switch/L3( VLAN are created ) --> BA SW/L2 --> ASA ( Inside) --> ASA (Outside Int MPLS) --> L2 SW --> Router ( MPLS ) --> Application Server .
..Can Anybody help me on this problem . I come to know that this can be implemented through Route map . If so then How could it be possible in ASA. After all All The Vlan Traffic entering the ASA through Inside Int but from ASA ..Two ISP Links are devided ..one towards LL Router and another towards MPLS Router....
you're out of luck with PBR support in an ASA device. you're going to need to find a place to install a router in there somewhere.
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
The best solution is for your routers to do the routing and not have your pix/asa trying to do that.
If you control both routers and they are Cisco, simple solution would be to use HSRP and have the pix/asa use that HSRP address as it's default gateway. You can then do all our custom routing on the routers to suite your specific needs.
If you control both routers and they are Cisco, simple solution would be to use HSRP and have the pix/asa use that HSRP address as it's default gateway. You can then do all our custom routing on the routers to suite your specific needs.
This is not something that can be done with an ASA or PIX there can only be one default gateway to the internet at a time you can setup the PIX/ASA to have a backup ISP line that it automaticly switches to if the primary goes down. There is no way to have inbound traffic to pass through the PIX/ASA from two isp's at the same time. For redundant isp setup look here its very simple to setup and works well.
VinceWhirlwind
Technical User
It depends on how seperate you want your "domains".
You can have your default GWs for both domains using just one interface if both domains are on the same physical network - you trunk the two seperate VLANs to the ASA from the network switch both your "domains" are on.
If your two "domains" are two entirely physically seperate networks, then each of them needs a seperate connection to the PIX.
Make sure you get a licence with your PIX that supports several routed interfaces.
You can have your default GWs for both domains using just one interface if both domains are on the same physical network - you trunk the two seperate VLANs to the ASA from the network switch both your "domains" are on.
If your two "domains" are two entirely physically seperate networks, then each of them needs a seperate connection to the PIX.
Make sure you get a licence with your PIX that supports several routed interfaces.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question