Re: WAN Connection using 2 Paths, one for up one for Down?



In article <OgdQh.2066$5e2.37@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
Scott Townsend <scooter133@xxxxxxxxxxxxxxxx> wrote:
> We have a remote office that is currently connected via Point to Point T1
> via T1. So we have the 1.5meg connection.
>
> We'd like to get a DSL/Cable Internet connection for Faster Download access.
>
> We have a PIX that We'd like to add to the Mix. (already have one at HQ)
>
> What would be the best way to do the routing for this. I would want all
> upload traffic from the remote office to use the T1 to the Office and All
> traffic from the Office to use the Site to Site VPN on the Pix to the Remote
> Office.

If all the traffic from the remote office is to go to HQ, and all
traffic from HQ is to go to the remote office, then where does
Internet access fit in? Is it to be handled independently at the
two offices, or is one office supposed to forward Internet-bound
traffic to the other office for processing? If it is to be
forwarded, then you would need PIX 7.x in order to get the forwarding
working.

If you intend to split traffic, two unidirectional branches, then
you need to recombine the traffic before it enters the PIX, or else
the PIX will only see one side of the conversation and will not be
able to firewall properly (and so will drop all the TCP conversations.)
The recombining is going to require a router of some kind.

Once the router is in place, directing the traffic unidirectionally
would be a simple static default route pointing through the desired ISP.

On the other hand, if you want the configurations to notice that
one of the paths has gone non-functional (DSL and cable don't have
the greatest of reliability), then your configuration gets much more
difficult!

Using two unidirectional links is also a waste of bandwidth. What
you'd prefer to do is use something like OSPF with Unequal Cost Routes
so that the two possible routes are used in proportion to their capacities.
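
The point in the reply about the PIX seeing only one side of a conversation, shown as an added example that is not part of the original post. It is a toy model of TCP handshake tracking, not PIX code; the class, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Toy TCP state tracker (constructed model, not PIX code)."""
    conns: dict = field(default_factory=dict)  # flow key -> handshake state

    def inspect(self, src, dst, flags, from_inside):
        key = frozenset((src, dst))          # same entry for both directions
        state = self.conns.get(key)
        if state is None:
            # Only an inside-initiated bare SYN may create a new entry.
            if from_inside and flags == {"SYN"}:
                self.conns[key] = "SYN_SENT"
                return "permit"
            return "drop"                    # reply to a SYN this box never saw
        if state == "SYN_SENT":
            if not from_inside and flags == {"SYN", "ACK"}:
                self.conns[key] = "SYN_RCVD"
                return "permit"
            return "drop"
        if state == "SYN_RCVD":
            if from_inside and flags == {"ACK"}:
                self.conns[key] = "ESTABLISHED"
                return "permit"
            return "drop"
        return "permit"                      # ESTABLISHED


def handshake(outbound_fw, return_fw):
    """Run a three-way handshake; None means a plain routed link (no inspection).
    Returns one verdict per packet, stopping at the first drop."""
    client, server = ("10.1.1.10", 40000), ("10.0.0.5", 443)  # constructed hosts
    packets = [
        (client, server, {"SYN"}, True, outbound_fw),
        (server, client, {"SYN", "ACK"}, False, return_fw),
        (client, server, {"ACK"}, True, outbound_fw),
    ]
    verdicts = []
    for src, dst, flags, from_inside, fw in packets:
        verdict = fw.inspect(src, dst, flags, from_inside) if fw else "forward"
        verdicts.append(verdict)
        if verdict == "drop":
            break
    return verdicts


# Split paths: the SYN leaves over the T1, the SYN-ACK returns through the PIX.
split = handshake(outbound_fw=None, return_fw=StatefulFirewall())
# Recombined: a router steers both directions through the same firewall.
pix = StatefulFirewall()
recombined = handshake(outbound_fw=pix, return_fw=pix)
```

With split paths the handshake stops at the SYN-ACK, because the firewall on the return path holds no entry for the flow; once both directions pass through the same firewall, the handshake completes.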