Re: [cisco-ttl] PIX uzerinde ISP redundancy

From: Abdullah Haltas <abdullahhaltas_at_....>
Date: Fri May 26 2006 - 10:15:09 EEST


Merhaba,

Su an diger isp icin kullandigimiz router, cisco 2620 ve uzerinde tek ethernet portu var (o da pix525 e bagli) Metro ethernet ise cisco 3550 switch uzerinde sonlaniyor. 2620 uzerinde ikinci bir ethernet olsaydi soylediginiz gibi, iki ISP yi de bunun uzerinde toplar, pbr i 2620 e yaptirabilir ve sorunu cozebilirdik. Ancak su anda bu cozum mumkun gorunmuyor. Pix uzerinden policy based routing yapmanin bir yolu yok mu?

On 5/25/06, Hakan Tagmac (htagmac) <htagmac@cisco.com> wrote:
>
> Metro switch'i bir bgp routerına baglasanız, o bgp router metro uzerinden
> bgp routelarını alsa ve aynı zamanda diger bir hattan baska bir SPye
> baglansa ve oradan da baska bgp routeları alsa ve kendisi farklı aglara
> erisim icin ya metro baglantısını ya da sp'yi kullansa bu bir yol
> olabilir. Pix'te sadece tek default route olabileceginden
> boyle bir yolla cozulebilir.
>
> BGP yapma imkanı yoksa, o router uzerinde policy routing yapılarak
> sozgelimi bazı kaynaklardan gelen erisimi metro uzerinden gonderirken
> digerlerini sp uzerinden gonderebilir.
>
> PIX 7.0'a cekilirse aktif aktif calısabilir.
>
> iyi calısmalar,
>
> Hakan
>
>
> ________________________________
>
> From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On
> Behalf Of Abdullah Haltas
> Sent: Thursday, May 25, 2006 9:39 AM
> To: cisco-ttl@yahoogroups.com
> Subject: [cisco-ttl] PIX uzerinde ISP redundancy
>
>
> Merhaba,
>
> Elimizde failover calisan iki adet pix 525 var, (sh ver ciktisi asagida)
> mevcut durumda uzerinde bir ISP sonlandirilmis durumda. Yeni aldigimiz
> metro
> etherneti de pix uzerinde sonlandirip, ISP redundancy saglamak, ayni anda
> hem ISP hem metro etherneti kullanmak istiyoruz. Pix uzerinde boyle bir
> tanimlama yapabilir miyiz? Tesekkur eder, iyi calismalar dilerim....
>
>
>
> Abdullah HALTAS
>
>
> *********************************************************************************************************
> PIX525# sh ver
>
> Cisco PIX Firewall Version 6.3(4)
> Cisco PIX Device Manager Version 3.0(2)
>
> Compiled on Fri 02-Jul-04 00:07 by morlee
>
> PIX525 up 20 days 0 hours
>
> Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
> Flash E28F128J3 @ 0x300, 16MB
> BIOS Flash AM29F400B @ 0xfffd8000, 32KB
>
> 0: ethernet0: address is XXXXXXXXXXXXX, irq 10
> 1: ethernet1: address is XXXXXXXXXXXXX, irq 11
> 2: gb-ethernet0: address is XXXXXXXXXXXXX, irq 10
> 3: gb-ethernet1: address is XXXXXXXXXXXXX, irq 5
> 4: gb-ethernet2: address is XXXXXXXXXXXXX, irq 11
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES-AES: Disabled
> Maximum Physical Interfaces: 8
> Maximum Interfaces: 12
> Cut-through Proxy: Enabled
> Guards: Enabled
> URL-filtering: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> IKE peers: Unlimited
>
> This PIX has a Failover Only (FO) license.
>
> Serial Number: XXXXXXX)
> Running Activation Key: XXXXXXXXXXXX
> Configuration last modified by enable_15 at 15:44:52.607 UTC Thu May 11
> 2006
> PIX525#
>
>
> *********************************************************************************************************
>
>
> [Non-text portions of this message have been removed]
>
>
>
>
>
> --
> Cisco Teknik Tartisma Listesi (Cisco-ttl)
>
> Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk
> kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya
> da
> bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu
> tutulamazlar.
>
>
>
>
> SPONSORED LINKS
> Communication and networking <
> http://groups.yahoo.com/gads?t=ms&k=Communication+and+networking&w1=Communication+and+networking&w2=Cisco+systems+inc&w3=Wireless+communication+and+networking&c=3&s=100&.sig=pp-tTYdSpCcXkj1Wpfy1NA>
> Cisco systems inc <
> http://groups.yahoo.com/gads?t=ms&k=Cisco+systems+inc&w1=Communication+and+networking&w2=Cisco+systems+inc&w3=Wireless+communication+and+networking&c=3&s=100&.sig=Ry1fFVFpPg35KJkBQNAMtg>
> Wireless communication and networking <
> http://groups.yahoo.com/gads?t=ms&k=Wireless+communication+and+networking&w1=Communication+and+networking&w2=Cisco+systems+inc&w3=Wireless+communication+and+networking&c=3&s=100&.sig=Dh9JLSYtuTEz5xgUYupDyA
> >
>
> ________________________________
>
> YAHOO! GROUPS LINKS
>
>
>
> * Visit your group "cisco-ttl <
> http://groups.yahoo.com/group/cisco-ttl> " on the web.
>
> * To unsubscribe from this group, send an email to:
> cisco-ttl-unsubscribe@yahoogroups.com <mailto:
> cisco-ttl-unsubscribe@yahoogroups.com?subject=Unsubscribe>
>
> * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
> Service <http://docs.yahoo.com/info/terms/> .
>
>
> ________________________________
>
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
>
>
>
>
> --
> Cisco Teknik Tartisma Listesi (Cisco-ttl)
>
> Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk
> kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya
> da
> bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu
> tutulamazlar.
> Yahoo! Groups Links
>
>
>
>
>
>
>

[Non-text portions of this message have been removed]

--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/cisco-ttl/

<*> To unsubscribe from this group, send an email to:
    cisco-ttl-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 
Received on Fri May 26 14:13:32 2006

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 14:13:39 EEST