U have to connect a switch even if the connection doesnt break between the
routers. Bcoz, for HSRP to work, both the routers ethernet interfaces and
their VIP sholud be in the same subnet. If u directly connect them in a
firewall, its not possible as each interface in a firewall will be of a
different network.
So the design would be like this:
RouterA RouterB
| |
-----------------
| Switch |
------------------
|
PIX
|
Ethernet
Rgds,
Vamsi
----- Original Message -----
From:
To:
Sent: Wednesday, September 25, 2002 4:03 PM
Subject: RE: Need help with Simple BGP Solution [7:53936]
> The BGP part will be easy to do. HSRP will be easy to do however if you
are
> going to have 2 router (each running EBGP to the ISP) that connect to a
> firewall (whether it is a PIX or not) understand that most firewalls do
not
> pass Multicast traffic. So HSRP will break because hellos will not be
> passed along from one router to another so therefore adjacencies will not
be
> formed. Dave is correct that some firewalls do break when they receive
> traffic from another port that they sent it out on. So if you have
> something like this (sorry if the ASCII gets messed up when it this email
> gets posted):
>
> RouterA RouterB
> | |
> | HSRP |
> Firewall
> |
> LAN
>
>
> It will not work. You will probably have to front end the routers
ethernet
> interfaces that would be connecting into the Firewall with a small switch
so
> that you can pass the HSRP traffic. If someone has a better idea, please
> post it.
>
>
>
> Mario Puras
> SoluNet Technical Support
>
>
>
> -----Original Message-----
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 25, 2002 10:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Need help with Simple BGP Solution [7:53936]
>
>
> Wayne Jang wrote:
> >
> > have a customer that wants to implement BGP at his office. They want to
> > have complete redundancy, not load balancing. They have some users
coming
> > in from the outside for VPN and email servers.
> >
> > They will be using T-1s to two separate ISPs and will use a separate
> router
> > for each ISP connection.
> >
> > My questions are as follows:
> >
> > Can I use just one firewall? (I could run HSRP on the two routers,
> firewall
> > would just forward to the phantom default gateway)
> > They currently own a Sonicwall Pro 100. I would prefer they use a PIX,
is
> > there any reason why they can't use the Sonic?
> >
> > Do ISPs charge subcribers extra for advertising routes through the other
> ISP
> > (BGP)?
>
> Not that I'm aware of.
>
> >
> > I also want to have default routes to the ISP. I don't believe this
> > customer needs the added routing accuracy, if it means they will need
> > routers with 128 MB or ram.
>
> If each router has only a defualt route to it respective provider and
> your doing HSRP you will only use 1 ISP for your egrees traffic, is that
> acceptable since most customers want to utilize both connections their
> paying for.
>
> I don't know about Sonic but I have seen firewalls that break if you
> send traffic out router A and it returns via router B.
>
> Dave
> >
> > Thanks
> >
> > Wayne
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill
**************************Disclaimer**************************************************
Information contained in this E-MAIL being proprietary to Wipro Limited is
'privileged'
and 'confidential' and intended for use only by the individual or entity to
which it is
addressed. You are notified that any use, copying or dissemination of the
information
contained in the E-MAIL in any manner whatsoever is strictly prohibited.
****************************************************************************************
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54091&t=53936
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
