Solved

2 ISP on 1 PIX with different computers on the same subnet using different ISPs

Posted on 2008-10-21
4
307 Views
Last Modified: 2011-10-19
My office has been running off of a single T-1 line up to this point.  Myself and another tech do a lot of downloading for various pieces of software and a T-1 just isn't enough.  We had a cable line put in so that we can use the cable and everyone else can stick on the T-1.  

Here is the goal.  Have two computers on the 10.1.1.0 subnet (mine and the other tech's) go out through the cable while everything else goes out the T-1.  Failover would also be desired both ways.  I am not sure that both of these are possible at the same time, but I would settle for at least getting myself and the other tech onto the cable for now.

Please see the attached jpg for a topology diagram to help explain the setup.

nettop.jpg
0
Comment
Question by:Telstar-Networks
  • 2
4 Comments
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22770616
Hello

This is not possible because the fact that the Pix doesn support multiple default routes.

However, there is a "Dual ISP" functionality in newer versions of pix-software. With this function You can have a spare ISP connected. With a tracking-option the Pix can then sense if the primary ISP connection goes down and then route all traffic to the second ISP instead. But as I sait this is a pure failover-function and also only handles outbound traffic.

More info about the dual-ISP function:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
0
 
LVL 1

Author Comment

by:Telstar-Networks
ID: 22771074
What would be the minimum I could do in order to accomplish my goal by going outside of the PIX?
0
 
LVL 4

Expert Comment

by:yurisk
ID: 22774906
PIX/ASA do not provide such service, no matter what firmware version. NEwer ASA indeed provide
Dual-ISP functionality but only for complete failover , i.e. when main link goes down back up one kicks in.
Load balancing you want to do is not possible with PIX/ASA , you need  policy routing which  they dont have.
Whatever solution is possible it would be w/o PIX involved. From current diagram I can only suggest
setting up direct connection between your Core router and cable modem then doing policy
routing (if supported) on this COre router.
0
 
LVL 1

Accepted Solution

by:
Telstar-Networks earned 0 total points
ID: 23215218
Yea, just put in a whole other PIX and router.  Thanks for the advice.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now