Wayne,
Why not use the router to terminate the links, and put the PIX behind the
router? The PIX will inspect the traffic, and the router can send traffic to
different links depending on where it originated from. Usually a 515 may be
a better solution because it has a DMZ interface where the serv
I guess I have to plan on using BGP. But can I get away without using BGP?
I did plan on bringing both DSL and T1 into the 2621, I ment to say that the
pix is behind(on the inside).
Thanks
""Alex Lei"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Wayne,
>
> Why not use the r
You should be able to do exactly what you said as long as you have at least
2 public IP addresses. Use one for the interface and all regular users and
use the other IP for the two servers. Create two different nat and global
pairs.
John Kaberna
CCIE #7146 (R/S, Security)
NETCG Inc.
www.netcgi
You can't do it with the equipment you originally mentioned. You could,
however, put in two PIX 506, one on each ethernet interface of the 2621,
and use policy routing on the 2621 to handle the traffic to the two
providers. Not the most elegant solution, but it would work. I see no
reason t
http://www.radware.com/content/products/link.asp
-Original Message-
From: Wayne Jang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 2:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix don't route [7:46356]
I guess I have to plan on using BGP. But can I get away without using BGP?
Wayne,
You have to put the PIX behind the router, as the PIX does not have T1
interfaces...just LAN interface. UNFORTUNATELY.AND I REALLY HATE TO
SAY THISBUT...this sounds like a good application for RADware's
LinkProof. You would plug your router and DSL into this device and it
will sel
L PROTECTED]]
>Sent: Wednesday, June 12, 2002 3:11 PM
>To: Wayne Jang
>Cc: [EMAIL PROTECTED]
>Subject: Re: Pix don't route [7:46356]
>
>
>You can't do it with the equipment you originally mentioned. You could,
>however, put in two PIX 506, one on each ethernet
Wayne,
I would suggest disabling NAT on the PIX and performing your NAT on the
router. This eliminates the problem of not knowing what packets originate
from the servers. Then, setup Policy-Based Routing (PBR) on the router.
You didn't post your config, so I assume you have 2 legal addresses, o
;the outside world?
> >
> >-Original Message-
> >From: Craig Columbus [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, June 12, 2002 3:11 PM
> >To: Wayne Jang
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: Pix don't route [7:46356]
> >
> >
&g
ternet.
> > >
> > >I wouldn't need BGP if I was making one of ther servers(FTP) available
to
> > >the outside world?
> > >
> > >-Original Message-
> > >From: Craig Columbus [mailto:[EMAIL PROTECTED]]
> > >Sent: Wednesday, June
What happens when the T1 provider goes down? Those IP's will no longer be
reachable and the servers will be down. Without BGP I don't see how you are
going to get the DSL circuit to take over the IP's that the T1 provider
advertises. Assuming you have BGP, I would thing that policy routing and
I failed to make clear that the customer understands that he won't have
automatic failover. I also understand that the advertised route will be no
good through the DSL provider. However, he will still be able to transfer
files if the T1 goes down. Maybe from a workstation or maybe we do some
co
The RADware appliance looks cool, but this guy is done spending money.
""Greene, Patrick"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Wayne,
> You have to put the PIX behind the router, as the PIX does not have T1
> interfaces...just LAN interface. UNFORTUNATELY.AND I R
y and there are more options.
-Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Kaberna
Sent: Wednesday, June 12, 2002 3:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix don't route [7:46356]
What happens when the T1 provider goes down? Tho
14 matches
Mail list logo