Re: Design Challenge posted 08/31/2000
Other option is have 2 serial modules on your router connecting to 2
different ISPs doing policy routing. PIX just forwards everything to router.
Have 2 different NAT pools on PIX and use those 2 respective global pools to
do the polocy routing on router.
> Here is an interesting design problem:
> There is a PIX with two inside and one outside interface.
> The PIX can only be configured with a single default gateway on the
> You are of course not allowed to run a routing protocol on the PIX.
> You are connecting to two ISP's but you can't run BGP. Provide load
> balancing and redundancy. (yeah sure)
> Solving this by using policy routing, which can apparently only deal with
> route-map source and size attributes does appear to be all that 'cool'. If
> you do this with two routers on the outside of the PIX running HSRP, the
> primary one seems to need an additional interface and you need to use
> secondary addresses. Assuming that you apply a policy to inbound traffic
> the primary HSRP router; forwarding traffic from one of the internal nets
> to the other router, you can make it so he'll forward it back if his link
> down, although you would need to forward it to a different interface on
> primary HSRP router so the policy wouldn't apply. A bit kludgey.
> Your thoughts will be appreciated,
> To unsubscribe from the CCIELAB list, send a message to
> majordomo@xxxxxxxxxxxxxx with the body containing:
> unsubscribe ccielab
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing: