Complex Linux network

Well don't know if this is complex or not, but here goes

I have a number of Linux servers sitting behind a PIX in a datacenter. They're all on a private address range. This is all working fine. The PIX connects to the ISP's router. All well and good.

However, as the datacentre is 4 hours drive away, I'm paranoid that should the PIX fail, I'm in trouble.

What I want to do to mitigate any outages, is to connect the second NIC on each server to the ISP's switch.  

Question: Can I set the second NIC to a public IP address given by the ISP and route traffic to the application on the server and still maintain the private subnet on the first?

In other words, if the PIX fails, is it possible to still have connectivity with the server and can they co-exist? Can I isolate routing, so that traffic on eth0 goes via the PIX and eth1 (iptables) routes via the direct connection?

Regards
 
middletn Asked:
bignewf Commented:
Depending on your routing skills, you might have to get your network team involved. By using a link state routing protocol such as OSPF, it's possible to have a route metric that specifies a path to the alternate network on the 2nd NIC card, so traffic goes thru the primary NIC first. This can be done by having this alternate route in the routing tables, but with a much higher metric/cost than the primary route.

Obviously, the easiest way is to have a second pix for failover.
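
The metric idea from the answer above, combined with the per-interface routing the question asks about, as an added example that is not part of the original thread. It uses static routes rather than OSPF, and every address, the table id and the service port are constructed placeholders (assumptions, not values from the thread). The script only prints the commands unless called with `apply`.

```shell
#!/bin/sh
# Added example: dry-run plan for a server with eth0 behind the PIX and
# eth1 on the ISP segment. All values below are constructed placeholders.
PIX_GW=10.0.0.1      # PIX inside interface, reached via eth0 (assumed)
PUB_IP=192.0.2.10    # public address on eth1 (documentation range)
PUB_GW=192.0.2.1     # ISP gateway, reached via eth1 (assumed)
APP_PORT=443         # the only service exposed on eth1 (assumed)
TABLE=100            # routing table used for traffic sourced from PUB_IP

failover_plan() {
  cat <<EOF
iptables -A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport $APP_PORT -j ACCEPT
iptables -A INPUT -i eth1 -j DROP
iptables -A FORWARD -i eth1 -j DROP
iptables -A FORWARD -o eth1 -j DROP
sysctl -w net.ipv4.ip_forward=0
ip route replace default via $PIX_GW dev eth0 metric 100
ip route replace default via $PUB_GW dev eth1 metric 500
ip route replace default via $PUB_GW dev eth1 table $TABLE
ip rule add from $PUB_IP lookup $TABLE priority 1000
EOF
}

# Firewall lines come first so eth1 is filtered before routes change.
# Prints each command; with "apply" (as root) it executes them instead.
run_plan() {
  failover_plan | while read -r cmd; do
    if [ "${1:-}" = apply ]; then $cmd; else echo "$cmd"; fi
  done
}

run_plan "${1:-}"
```

The higher-metric default on eth1 is only chosen once the eth0 default route is withdrawn, so a PIX that dies while the switch link stays up will not trigger it by itself. The `ip rule` entry is what keeps replies from the public address on eth1 while the PIX path is still the preferred default.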
ricks_v Commented:
I would not recommend having the Linux server connect straight to the ISP router for security reasons.
If you are afraid of the PIX failing, you can put another PIX in as a backup with a connection to the other PIX and set them up for failover.

If you are afraid the ISP connection fails, your solution is to have a second WAN backup on your PIX.
bignewf Commented:
I would concur with ricks_v: tell the network manager, if 100% availability is important to your network, to get a backup Internet WAN link and a 2nd PIX for failover. An ounce of prevention is worth a pound of cure. PIX (or ASA firewalls) are fairly inexpensive to begin with, and if cost is a factor in your budget, then a backup high-speed DSL with a failover PIX will not hurt any IT budget.