How to configure redundant T1 connections to the internet using Cisco Pix 515e or Catalyst 6509s

I have two cisco pix 515e in two different buildings. They do not have csu/dsu interfaces. They each have two ethernet interfaces. The ethernet interfaces go to cisco 2600 routers which has csu/dsu interfaces (not owned by us). At the core in each building we have Cisco 6509 Catalyst switches.The 6509 switches are directlyh connected to each other via gigabit fiber. We have a T1 in each building going to the internet. I need to know how to configure the cisco pixs or the cisco 6509s to use redundant routing in the event of a T1 failure. For example, if one  T1 fails, I need the user to still be able to get out to the internet. Keep in mind we do not have access to the 2600 routers or their CSU/DSUs (They are the ISPS).
Who is Participating?
lrmooreConnect With a Mentor Commented:
PIX1/PIX2 will be almost identical:
Local IP subnet (for illustration purposes) = 10.10.10.x

route outside <ip address of T1 router>
  router ospf 100
    area 0
    default-information originate
    network area 0  <== subnet mask on PIX

On the MSFC:
   router ospf 100
     network area 0  <== inverse mask on MSFC

   no ip route <ip address of PIX>

The only problem with this scenario is that even if your T1 does go down, the PIX won't know it because its next hop is the router's Ethernet port which will not go down just because the T1 does. The route will always be "up". NOT GOOD...
You would have to manually shut the outside interface of the PIX if you figure out that the T1 is down.
Unless you can get those ISP routers to "play" with some dynamic routing protocol, then you may not like the results. Since you are paying the ISP, you are the customer, and you should be able to discuss this with them. You don't need access to the routers, just need them to configure them for you. There is no other way for the ISP router to notifiy the PIX that the T1 is down. Highly suggest discussing this with your ISP... unless, of course, you're not being completely open about the situation...

OSPF works VERY well in situations where you have both the ISP router and the PIX talking to each other.

You have a couple of options. Floating static, or OSPF
Do you have the MSFC in the 6509? If so, this is a piece of cake..
Are both PIX inside interfaces in the same subnet?

If you have MSFC on the 6509's:
    ip route <ip PIX1>
    ip route <ip PIX2> 120  <== higher metric admin distance

Reverse in BLDG2 MSFC
    ip route <ip PIX2>
    ip route <ip PIX1> 120

Is this the topology:

                 BLDG1                                                         BLDG2

If you don't have MSFC in either one, you might try using LAN-based failover, if you have Unlimited license
If you don't have MSFC or Unlimited license, we'll have to look at other options....
It would really be a piece of cake if you controlled the 2600's and have the MSFC.
Just having MSFC will work, too...
If you are paying someone for the Internet T1's, just because they own and manage the routers does not mean they won't make changes to accomodate you...
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

truelove258Author Commented:
The two Cisco Pixs both have internal ips on vlan 1 on the same subnet. Our 6509s both have the MSFC. So I guess your solution will work?
Static's will make it real simple.

Here's an alternative:

Enable OSPF on the PIX's and on the MSFC
Each PIX has "default-information originate"
Now each MSFC will get dual same-cost default routes...
If one PIX dies, the route dies with it. Not so with static..

truelove258Author Commented:
OK. If I want to enable OSPF on the PIXs, how would I do that? Also, how do I enable "default-information originate"? In addition, if the T1 fails, will your solutions still work? We are not worred about the PIXs dying, but the T1 on the ISPs router dying. Keep in mind that we do not have access to the ISP routers nor will we have it in the future. Could you provide a sample configuration using OSPF? please detail the 6509 switch configurations as well as the Cisco PIXs configurations we would need (hypothetical solution please?).
Are you still working on this? Do you need more information?


Any news/progress?  
Points to lrmoore

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.