Solved

How to set 2 default gateways in a Cisco PIX 515E firewall?

Posted on 2004-08-16
Last Modified: 2013-11-16
I have a Cisco PIX 515E firewall and I would like to set the firewall to have 2 default gateways with some weighting method.  Can this be done? If yes, how? Please provide detailed firewall commands and scripts.
0
Question by:viansoo
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11810631
No can do, my friend.
PIX can have 1 and only 1 default gateway. Remember that it is a firewall. It was built and designed for that one purpose. You're asking it to perform advanced routing functions which are not part of the PIX OS.
0
 
LVL 3

Expert Comment

by:fatlad
ID: 11818347
If both the "gateways" you wish to set up are Cisco routers why not configure them to use HSRP? That way the PIX will send traffic to the one you prefer until it fails. You can use the routers to route and the PIX as a firewall.
0
 

Author Comment

by:viansoo
ID: 11820603
              Web Server
                  |
          ________|________
                  |
                  |
          Cisco PIX Firewall
              /        \
             /          \
            /            \
      Broadband        Cisco
        Modem          Router
          |              |
          |              |
          B              A

A: Primary connection (leased line) from ISP A
B: Backup connection (broadband) from ISP B
                                     
The default gateway for the PIX firewall is through connection A.  If connection A fails, traffic will be automatically routed to connection B.  What is the best solution for this?
0

 
LVL 79

Accepted Solution

by:
lrmoore earned 450 total points
ID: 11820942
You basically have two options:
1. Get another Ethernet module for your Cisco router A, and connect the broadband modem to it. Use its capabilities for failover routing.
2. Get yet another router that has the failover routing capability and stick it in between the pix and the other two routers.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12092769
Are you still working on this? Do you need more information?
Can you close out this question?
0
 
LVL 3

Expert Comment

by:fatlad
ID: 12110657
As a thought, could you not have the router advertise a default route in RIP and then use the PIX with a statically defined floating default route (with a higher AD than RIP)? When the router stops sending RIP updates the static one will rise to the top.
0
 

Author Comment

by:viansoo
ID: 12196879
lrmoore, you were saying, get an Ethernet module for my router and then connect the broadband modem to it, and use some sort of 'capabilities' for routing.  Can you explain more what these 'capabilities' are?  Tks.
0
 
LVL 3

Expert Comment

by:fatlad
ID: 12198208
If your new setup was:

              Web Server
                  |
          ________|________
                  |
                  |
          Cisco PIX Firewall
              /        \
             /          \
            /            \
        Cisco          Cisco
        Router         Router
          |              |
          |              |
        Modem            A
          |
          B

You could use a feature known as HSRP (Hot Swap routing protocol) that will allow the routers to create and share a virtual interface which can be used as the default gateway for the PIX. More info at: http://www.cisco.com/en/US/tech/tk648/tk362/tk321/tech_protocol_home.html

Hope that helps

FatLad

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12208042
Assuming a Cisco router with both DSL to ISPB and T1 to ISPA, you can use different methods of providing load-sharing/balancing. From using equal-cost default routes with a double-nat approach, to using route-map and creative use of NAT pools/addresses on the PIX. Perhaps something like LAN group A gets NAT IP A and LAN group B gets NAT IP B. On the router end, anything coming out of the PIX with NAT IP A goes to ISPA, anything with NAT IP B goes out to ISPB... Now you will just have to layer a bit more intelligence in the router to know if link to ISPA is down, then all traffic goes out ISPB, and vice versa.
IOS gives you the flexibility to do any/all the above, where PIX is severely limited in its capabilities.

FatLad's suggestion of HSRP will work only if you add another router to the mix just to connect to the broadband modem, and it will provide failover only, not load-sharing or load-balance. GLBP (Gateway Load Balancing Protocol) is more attuned to provide that. http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541c8.html

BTW:
HSRP = Hot Standby Router Protocol, not Hot Swap Routing Protocol
0

Question has a verified solution.
