PIX 8.0 Route through Different interface

Posted on 2017-10-12
Last Modified: 2017-10-19
Hello Experts,

I would like to change my current (route outside 0.0.0.0 0.0.0.0 64.64.64.230 1) outgoing internet traffic to go through a different interface (route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2)


route outside 0.0.0.0 0.0.0.0 64.64.64.230 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3

I tried unplugging the outside interface, hoping internet traffic would go out the other interfaces, but it did not, so maybe I am overlooking something. I thought that since they have 1, 2, 3 after each route, it is supposed to go out the other interfaces if it fails on the first one.
Please note I can only use SSH to make changes, no ASDM.
Please provide an exact step-by-step solution. My PIX knowledge is very limited.
Running config attached.
Thank you
Running-Config-temp.txt
Question by:icdl101
LVL 81

Accepted Solution

by:
arnold earned 2100 total points
ID: 42329414
Weight means the higher the number, the lower the preference. Note the used term is weight.
You should use interface versus IP when your DSL feed can drop, as that will auto-transition by removing the route from consideration, while the IP-based route will need to have tests to dynamically test a path and then update.

route outside 0.0.0.0 0.0.0.0 outside_interface 1
route dsl1 0.0.0.0 0.0.0.0 dsl1_interface 2
route dsl2 0.0.0.0 0.0.0.0 dsl2_interface 3

This way when DSL1 drops, the second route will become invalid and will be removed.

There are other issues when using interfaces in routing rules.
If you use IPs, you have to use SLA type tests such as pinging a destination by way of a specific interface and on failure, you apply a rule to ...reduce its preference.....
 
LVL 81

Expert Comment

by:arnold
ID: 42329437
Look at the reference; it applies to version iOS 9.x rather, but they may have a similar one for version 8.3, or potentially you could update yours to get ...

But the discussion covers what you are asking about which deals with converging access to the outside when there is an issue with a preferred path.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
 
LVL 6

Assisted Solution

by:Wissam
Wissam earned 900 total points
ID: 42336064
Have you tried to link IP SLAs on routes?

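! Primary default route, installed only while track object 1 is up
route outside 0.0.0.0 0.0.0.0 2.2.2.2 track 1
! Backup default route with a higher administrative distance
route Dsl2 0.0.0.0 0.0.0.0 3.3.3.3 20
! The SLA id must match the schedule and track lines below
sla monitor 123
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability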


You can do NAT in the same way; name the interfaces depending on what you use.
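A check for the route/SLA/track wiring discussed in this thread, as an added example that is not part of the original posts: a Python script that reads `route`, `sla monitor` and `track` lines and reports default routes with no track object, and track objects whose SLA id was never defined or scheduled. The sample config is constructed for illustration and the finding codes are hypothetical names.

```python
import re

# Constructed sample (not the poster's running config): three floating default
# routes, only one tracked, and an SLA id that does not match its track object.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 64.64.64.230 1 track 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3
sla monitor 10
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
"""

# route <if> 0.0.0.0 0.0.0.0 <gateway> [distance] [track <n>]
ROUTE = re.compile(
    r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?[ \t]*$",
    re.M)

def audit(config):
    """Return (code, detail) findings for default-route failover wiring."""
    routes = sorted((int(m or 1), ifc, gw, trk)
                    for ifc, gw, m, trk in ROUTE.findall(config))
    monitors = set(re.findall(r"^sla monitor (\d+)[ \t]*$", config, re.M))
    scheduled = set(re.findall(r"^sla monitor schedule (\d+)\b", config, re.M))
    tracks = dict(re.findall(r"^track (\d+) rtr (\d+) reachability", config, re.M))
    findings = []
    # The least-preferred route is the last resort and needs no tracking.
    for metric, ifc, gw, trk in routes[:-1]:
        if not trk:
            findings.append(("UNTRACKED", f"{ifc} via {gw} metric {metric}"))
            continue
        sla = tracks.get(trk)
        if sla is None:
            findings.append(("NO_TRACK_OBJECT", f"track {trk}"))
        elif sla not in monitors:
            findings.append(("SLA_UNDEFINED", f"track {trk} -> sla {sla}"))
        elif sla not in scheduled:
            findings.append(("SLA_NOT_SCHEDULED", f"sla {sla}"))
    # SLA operations that no track object references never affect routing.
    for sla in sorted(monitors - set(tracks.values())):
        findings.append(("SLA_UNUSED", f"sla monitor {sla}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```
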
 

Author Comment

by:icdl101
ID: 42337666
Thank you Guys,
The solutions have been very helpful. Really appreciate your time and effort.
