redundant link, HSRP?

I havea pix 501 and a managed T1 comming into the building. I need something incase that T1 drops. It can be as advanced as auto failover, or as simple as me calling someone up at the branch and having them move a cat5 cable from one device to another.

I was thinking of HSRP, but I would need access to both the routers and the people who manage the T1 now said they will not setup HSRP with us, and if we want to do that I need to change the service to us managing it.

We were thinking of a dsl circuit for the backup link, I just need to find a reliable way to make it kick over to that if/when the T1 drops.

My only requirement for a working setup is that my pix501 connects to our 3020 to establish a vpn tunnel, I don't need the same IP, and I would go through nat if I had to.

How would you guys handle this situation?

I've thought of unmanaged T1 w/ an extra ethernet card for a connection from a dsl modem/router and somehow have it switch to route over the DSL if the serial int goes down,

I've thought of 2 routers with HSRP in the same setup w/ unmanaged T1 so I can have it failover to the dsl, and if the T1 comes back up have the T1 router be the active link again,

I've thought of a managed T1 going to the managed router, and two seperate routers behind it doing HSRP.... but I don't know how that would work since the ethernet of the T1 would still show up/up if the serial goes down.

I also thought of having two PIX501s and just plugging one in at a time, IE monitor the s0 int of the T1 router and if its up have someone go and move the cat5 from the dsl connected pix to the T1 connected pix.

Reply to
jbeez
Loading thread data ...

-------- Original Message --------

I would go with statefull fail over

formatting link
But if you have a router behind that pix that can handle fail over with static floating routes and tracking objects that would be great.

formatting link
formatting link

Hope this helps.

Reply to
Anthrax

I don't believe anything below a pix515 can do failover, at least I can't issue any of the failover commands on my 501s and I'm not finding any documentation to support otherwise.

Reply to
jbeez

-------- Original Message --------

Yes you are right, read to quick your post and did not realize of the platform you have, the if you have a router behind you might want to do PBR with tracking objects and floating static routes.

Reply to
Anthrax

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.