Firewall Wizards mailing list archives

RE: Query regarding Cisco Router


From: "Sink, Douglas D (Doug), RTLSL" <ddsink () att com>
Date: Tue, 24 Sep 2002 09:59:56 -0400

See answers inserted below

-----Original Message-----
From: prasad_patkar [mailto:prasad_patkar () pcsil com]
Sent: Tuesday, September 24, 2002 1:27 AM
To: auscert () auscert org au
Cc: Rana Waqar; firewall-wizards-request () honor icsalabs com;
firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Query regarding Cisco Router



 Hi all

I have a query regarding a router.
I have 2 different ISP connections: 1st a DSL connection (broadband) and 2nd a 2Mbps leased line.
I want to terminate both on a Cisco 1751V router and configure it for failover, i.e. failover of ISP.


The router is required to be configured for failover, i.e. if the 2Mbps LL fails, DSL will take over and vice versa.

I have connected a firewall behind it. The firewall has only 3 ports (LAN, WAN, DMZ). Both ISPs have provided 4 IPs. 2 IPs from both ISPs are used for DMZ servers (Mail & Application).
Both ISPs are told to put DNS entries of the other's IP in their DNS server (i.e. DSL will put the IP of the leased line ISP and vice versa).

Firewall cannot have 2 WAN gateways.

Firewall is to be configured for Leased Line ISP provider.

WAN IP of Firewall  === IP of Leased Line ISP.
Gateway of Firewall === IP of Leased Line ISP


REQUIREMENT: - 

1)      The DSL Hathway connection will be used only for Internet access.
2)      The 2Mbps leased line ISP will be used only for the remote office accessing the Application server and mail being downloaded to the Mail Server.
3)      E.g. if a user wants to access the Internet, then the request will be forwarded by the proxy server if the customer has it, or it will be directly forwarded to the LAN IP of the firewall and in turn forwarded to the router. The router has to forward it to the DSL connection. All Internet surfing has to be done only through the DSL connection.

[dds] Connecting to two different ISPs with the same IP address space requires BGP routing and an autonomous system 
number from ARIN. Some load balancing products (e.g. Radware and Fatpipe) allow you to do this without BGP but you need 
IP address space from both providers (or two /24 blocks).

·       Can traffic coming from the firewall WAN port be directed by the router accordingly? I.e. if HTTP traffic is coming from the firewall to the router, the router has to direct it to Hathway, while all incoming traffic will be coming via the leased line ISP.

[dds]: generally, no. Firewalls are not routers and can only have one, simple default gateway or a few static routes based on the destination address, not the application.


·       Can the router be configured in such a way that if an HTTP request, i.e. port 80 traffic, is coming, it can be directed to the DSL connection (broadband), while incoming HTTP or any other traffic used for accessing the internal MAIL SERVER & Application server has to be only through the LEASED LINE ISP?

[dds] routers can do this--it's called policy routing; however, it uses lots of CPU power and is not easy to configure. Another product, called "Fatpipe", might be a good solution. It can do this in a way that is easier to configure and you don't need BGP routing.

·       Only when either fails, one of them has to take care of the other. I.e. if the DSL connection fails then the router has to automatically divert all traffic to the leased line ISP. And if the leased line ISP fails it has to direct the traffic to the DSL connection.

·       To achieve this, what changes do I have to apply in hardware, or does any request have to be given to the ISP provider?

--
Prasad Patkar
Sr Engg-Networking

ADDRESS :-
PCS INDUSTRIES LIMITED,
310/316 RAHEJA CHAMBERS,
NARIMAN POINT MUMBAI-400 021.
TELEPHONE:- 2875525-29 


--

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
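
The policy routing [dds] mentions, sketched as a Cisco IOS fragment together with a floating static route for the failover the question asks about. This is an added example, not part of either message; the interface name, ACL number, route-map name and the 192.0.2.1 / 198.51.100.1 gateway addresses are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders
! (documentation ranges), not values from the thread.
!
! Classify outbound web traffic arriving from the firewall's WAN side.
access-list 101 permit tcp any any eq www
!
! Send matching traffic to the DSL provider's gateway (placeholder).
! Traffic that does not match the ACL is routed normally.
route-map WEB-VIA-DSL permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
!
! Apply the policy on the router interface that faces the firewall.
! Policy routing is evaluated on packets entering this interface.
interface FastEthernet0/0
 ip policy route-map WEB-VIA-DSL
!
! Normal default route via the leased-line gateway (placeholder).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Floating static route: administrative distance 250 keeps it out of
! the routing table until the leased-line default route is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
```

A floating static route only takes over when the primary route is withdrawn, typically because its interface goes down, so an upstream outage with the local link still up is not detected. Web traffic steered to the DSL side also needs a source address (or NAT) from that provider's block for replies to return on the same link.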

