Solved

How to configure redundant T1 connections to the internet using Cisco Pix 515e or Catalyst 6509s

Posted on 2004-10-13
Last Modified: 2013-12-14
I have two Cisco PIX 515Es in two different buildings. They do not have CSU/DSU interfaces. They each have two Ethernet interfaces. The Ethernet interfaces go to Cisco 2600 routers, which have CSU/DSU interfaces (not owned by us). At the core in each building we have Cisco 6509 Catalyst switches. The 6509 switches are directly connected to each other via gigabit fiber. We have a T1 in each building going to the internet. I need to know how to configure the Cisco PIXs or the Cisco 6509s to use redundant routing in the event of a T1 failure. For example, if one T1 fails, I need the user to still be able to get out to the internet. Keep in mind we do not have access to the 2600 routers or their CSU/DSUs (they are the ISP's).
0
Question by:truelove258
11 Comments
 
Expert Comment

by:lrmoore
ID: 12301808
You have a couple of options. Floating static, or OSPF
Do you have the MSFC in the 6509? If so, this is a piece of cake..
Are both PIX inside interfaces in the same subnet?

If you have MSFC on the 6509's:
Example:
 BLDG1  MSFC
    ip route 0.0.0.0 0.0.0.0 <ip PIX1>
    ip route 0.0.0.0 0.0.0.0 <ip PIX2> 120  <== higher metric admin distance

Reverse in BLDG2 MSFC
    ip route 0.0.0.0 0.0.0.0 <ip PIX2>
    ip route 0.0.0.0 0.0.0.0 <ip PIX1> 120

Is this the topology:

                 BLDG1                                                         BLDG2
Internet----2600---PIX1----6509------fiber-------------6509-----PIX2----2600----Internet

If you don't have MSFC in either one, you might try using LAN-based failover, if you have Unlimited license
If you don't have MSFC or Unlimited license, we'll have to look at other options....
0
 
Expert Comment

by:lrmoore
ID: 12301829
It would really be a piece of cake if you controlled the 2600's and have the MSFC.
Just having MSFC will work, too...
If you are paying someone for the Internet T1's, just because they own and manage the routers does not mean they won't make changes to accommodate you...
0
 

Author Comment

by:truelove258
ID: 12302255
The two Cisco PIXs both have internal IPs on VLAN 1 on the same subnet. Our 6509s both have the MSFC. So I guess your solution will work?
0
 
Expert Comment

by:lrmoore
ID: 12302354
Statics will make it real simple.

Here's an alternative:

Enable OSPF on the PIX's and on the MSFC
Each PIX has "default-information originate"
Now each MSFC will get dual same-cost default routes...
If one PIX dies, the route dies with it. Not so with static..

0
 

Author Comment

by:truelove258
ID: 12310229
OK. If I want to enable OSPF on the PIXs, how would I do that? Also, how do I enable "default-information originate"? In addition, if the T1 fails, will your solutions still work? We are not worried about the PIXs dying, but the T1 on the ISP's router dying. Keep in mind that we do not have access to the ISP routers nor will we have it in the future. Could you provide a sample configuration using OSPF? Please detail the 6509 switch configurations as well as the Cisco PIX configurations we would need (hypothetical solution please?).
0
 
Accepted Solution

by:
lrmoore earned 125 total points
ID: 12310383
PIX1/PIX2 will be almost identical:
Local IP subnet (for illustration purposes) = 10.10.10.x

route outside 0.0.0.0 0.0.0.0 <ip address of T1 router>
  router ospf 100
    area 0
    default-information originate
    network 10.10.10.0 255.255.255.0 area 0  <== subnet mask on PIX

On the MSFC:
   router ospf 100
     network 10.10.10.0 0.0.0.255 area 0  <== inverse mask on MSFC

   no ip route 0.0.0.0 0.0.0.0 <ip address of PIX>

The only problem with this scenario is that even if your T1 does go down, the PIX won't know it because its next hop is the router's Ethernet port which will not go down just because the T1 does. The route will always be "up". NOT GOOD...
You would have to manually shut the outside interface of the PIX if you figure out that the T1 is down.
Unless you can get those ISP routers to "play" with some dynamic routing protocol, then you may not like the results. Since you are paying the ISP, you are the customer, and you should be able to discuss this with them. You don't need access to the routers, just need them to configure them for you. There is no other way for the ISP router to notify the PIX that the T1 is down. Highly suggest discussing this with your ISP... unless, of course, you're not being completely open about the situation...

OSPF works VERY well in situations where you have both the ISP router and the PIX talking to each other.




0
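
The failure cases raised in this thread (floating statics versus OSPF-originated defaults, and the T1 failure that neither can see), worked through as a small Python model of the BLDG1 MSFC. This is an added example and not part of any post; the `Site` fields, function names and scenarios are constructed, and it assumes a static route stays installed while its connected VLAN is up and that a PIX originates a default only while its own outside interface is up.

```python
# Simplified model (added example) of the BLDG1 MSFC's default-route choice.
from dataclasses import dataclass

AD_STATIC, AD_FLOATING, AD_OSPF = 1, 120, 110  # 120 is the value used in the thread

@dataclass
class Site:
    pix_alive: bool = True    # PIX is powered and forwarding
    outside_up: bool = True   # PIX outside Ethernet (link to the ISP 2600)
    t1_up: bool = True        # T1 behind the ISP router, invisible to the PIX

def pix_has_default(s: Site) -> bool:
    # "route outside 0.0.0.0 0.0.0.0 <T1 router>" stays installed while the
    # outside interface is up; the state of the T1 never enters into it.
    return s.pix_alive and s.outside_up

def msfc_defaults(mode: str, sites: dict) -> list:
    """Next hops the BLDG1 MSFC installs for 0.0.0.0/0."""
    if mode == "static":
        # Both PIX inside addresses sit on the same connected VLAN, so both
        # statics stay valid; only the lowest administrative distance is used.
        cands = [(AD_STATIC, "PIX1"), (AD_FLOATING, "PIX2")]
    else:
        # "ospf": a PIX advertises a default only while it holds one itself.
        cands = [(AD_OSPF, n) for n, s in sites.items() if pix_has_default(s)]
    best = min((ad for ad, _ in cands), default=None)
    return sorted(n for ad, n in cands if ad == best)

def reaches_internet(hop: str, sites: dict) -> bool:
    s = sites[hop]
    return s.pix_alive and s.outside_up and s.t1_up

def blackholed(mode: str, sites: dict) -> list:
    """Installed next hops that silently drop Internet-bound traffic."""
    return [h for h in msfc_defaults(mode, sites) if not reaches_internet(h, sites)]

SCENARIOS = {  # constructed failure cases
    "all up": {"PIX1": Site(), "PIX2": Site()},
    "PIX1 dead": {"PIX1": Site(pix_alive=False), "PIX2": Site()},
    "T1 in BLDG1 down": {"PIX1": Site(t1_up=False), "PIX2": Site()},
    "T1 down, PIX1 outside shut": {
        "PIX1": Site(t1_up=False, outside_up=False), "PIX2": Site()},
}

if __name__ == "__main__":
    for name, sites in SCENARIOS.items():
        for mode in ("static", "ospf"):
            print(name, mode, msfc_defaults(mode, sites), blackholed(mode, sites))
```

In the "T1 in BLDG1 down" case both modes keep PIX1 installed as a next hop, which is the undetected outage the accepted solution describes; only shutting the PIX outside interface (or having the ISP router take part in routing) withdraws it under OSPF.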
 
Expert Comment

by:lrmoore
ID: 12335348
Are you still working on this? Do you need more information?

0
 
Expert Comment

by:lrmoore
ID: 12352316
ping.....

Any news/progress?  
0
 
Expert Comment

by:lrmoore
ID: 12544848
Points to lrmoore

0
