On Thu, 5 Dec 2002, Charles Gray wrote:

> We have the T1 and the DSL connected to the firewall. The T1 works just
> fine, but the DSL does NOT work.
>
> The firewall is using the T1 addresses for the DNS and the default
> route. From behind the firewall I can see the DSL external addresses.
> (Aliases on the external interface)

Assuming that you have two separate IP networks from your two providers, you'll need to make use of a router to handle your complex routing operations. The T1 router may be capable of this, or it may not. If it's a Cisco, it probably is.

My suggestion would be to put an IP address from the DSL network as a secondary on the ethernet interface of your T1 router (so the T1 router can access that network without traversing the internet). Then, in your router, configure some form of source-routing to direct traffic sourced from your DSL IP network to your DSL router. If your router is a Cisco, use Policy Based Routing and route-maps to configure this.

These Cisco links may help you:

http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
http://www.cisco.com/warp/public/105/36.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm

Do note that in any configuration with multiple IP networks without BGP, there is no way to have redundancy should one of your network connections drop. (i.e., if the T1 link is down, all IP addresses assigned by your T1 provider will be unreachable. The same holds true for your DSL.)

If you have a setup similar to the above, I'd advise that you do enable the gateway selector with your DSL link as the secondary gateway. That would at least leave you with your statically mapped DSL IP addresses active. (Note that if your default NAT address (the EXT interface address) is on a network that fails, only statically mapped addresses will have outbound connectivity.)

....david

---
David Raistrick
Systems Administrator - Global Technology Associates, Inc
[EMAIL PROTECTED]

Disclaimer: All opinions expressed are the opinions of David Raistrick, not necessarily those of GTA, Inc.
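
The secondary address and policy route described in the reply above, sketched as a Cisco IOS configuration. This is an added example, not part of the original message; the interface name, route-map name, ACL number and all addresses (documentation ranges) are constructed assumptions.

```cisco
! Constructed addressing, not taken from the thread:
!   T1 provider network   192.0.2.0/24      T1 router Ethernet0 = 192.0.2.1
!   DSL provider network  198.51.100.0/24   DSL router          = 198.51.100.1
!
interface Ethernet0
 ! Primary address on the T1 provider network
 ip address 192.0.2.1 255.255.255.0
 ! Secondary address so the T1 router is directly attached to the DSL network
 ip address 198.51.100.2 255.255.255.0 secondary
 ! Apply policy routing to packets arriving from the firewall side
 ip policy route-map DSL-SOURCED
!
! Leave traffic between the two local networks to normal routing,
! then select everything else sourced from the DSL network
access-list 101 deny   ip 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 101 permit ip 198.51.100.0 0.0.0.255 any
!
! Packets matching ACL 101 are handed to the DSL router instead of
! following the default route out the T1
route-map DSL-SOURCED permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
```

`show ip policy` and `show route-map` confirm that the map is bound to the interface and show its match counters as DSL-sourced traffic passes through.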
