Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > SOLVED: Dual SOHO PIX 501's & SMTP

Reply
Thread Tools

SOLVED: Dual SOHO PIX 501's & SMTP

 
 
mh
Guest
Posts: n/a
 
      05-09-2004
Solution is trivial ...

Use a tool like www.ipchicken.com to discover outside WAN address
In my cse if address is 24.x.x.x then I know I connected thru PIX#1

Setup Outlook profiles accordingly

I now have SOHO redundant access to the Internet; both at a hardware
layer and at an access layer


Thanks to all the anal...ysts who replied
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      05-09-2004
In article <(E-Mail Removed) >,
mh <(E-Mail Removed)> wrote:
:Solution is trivial ...

:I now have SOHO redundant access to the Internet; both at a hardware
:layer and at an access layer


:Thanks to all the anal...ysts who replied


This "anal...yst" would point out that the PIX series has
no way of detecting that an interface is down and changing routing
when it is, let alone refraining from acting as a DHCP server.

ADSL in particular is prone to having failures one hop away from
the CPE, leading to the situation where the outside interface is up
but you can't get anywhere. In this case, you don't even get the
clue that the outside interface transitions to down (which
you could theoretically detect the message for on a syslog server, or
perhaps even detect via an snmptrap.)

You thus do not have redundant access at the hardware layer in
the normal usage of 'redundant' as applied to network hardware layers.
You might perhaps have software on all of your systems that is
automatically testing connectivity and telling one or the other of the
PIXes to turn its inside interface off (or at least to turn off dhcp
service), but that would be redundancy at the -software- level... and
if you were doing that of automatic work, then adjusting the smtp server
would have been a fairly simple addition to your procedure.


It thus appears to this "anal...yst", based upon what you have written
so far, that what you -actually- have is a system that requires manual
intervention when either of the WAN links fail. That's better than
only having a single link available to you, but I don't think most of
us would term it as being "redundant access".


It is difficult for "anal...ysts" to give you the advice you are hoping
for when you do not provide the "anal...ysts" with detailed information
about how your systems are configured, about the automatic recovery
procedures that are available to you, and about the manual steps that
you are willing to take. In this newsgroup, the norm is that if people
that have multiple ISP connections want as close to fully automatic fallover
as they can get under their technical (and financial) situation. In
situations where that is not true, the onus falls upon the poster to
explain the poster's requirements.


It is also difficult for "anal...ysts" to give you the advice you
are hoping for when you insult them after they voluntarily tried to
help you as best they could based upon the information you supplied.
Not exactly the best approach you could have taken towards winning
friends and influencing people.
--
Caution: A subset of the statements in this message may be
tautologically true.
 
Reply With Quote
 
 
 
 
Adrian Grigorof
Guest
Posts: n/a
 
      05-09-2004
Dear ab...user

You might be better off using a dual WAN router like the ones offered
by Xincom (www.xincom.com). It can load balance 2 Internet feeds like
(probably your case) one from Rogers and one from Sympatico (that yes,
only allows SMTP traffic via their SMTP server). You can configure the
Xincom router to bind the SMTP traffic to one of the links (i.e.
Rogers). Since you appeared to be concerned with the cost, with this
you do not need the Pix firewalls anymore and the Xincom itself is
cheaper than a Pix. You can also get a similar appliance from Symantec
but Xincom has more features.

Adrian

http://www.eventid.net/firegen/firegenpix2.asp

http://www.velocityreviews.com/forums/(E-Mail Removed) (mh) wrote in message news:<(E-Mail Removed). com>...
> Solution is trivial ...
>
> Use a tool like www.ipchicken.com to discover outside WAN address
> In my cse if address is 24.x.x.x then I know I connected thru PIX#1
>
> Setup Outlook profiles accordingly
>
> I now have SOHO redundant access to the Internet; both at a hardware
> layer and at an access layer
>
>
> Thanks to all the anal...ysts who replied

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
QNAP TS-219P Dual-Bay Home and SOHO NAS Ian Front Page News 0 09-04-2009 08:11 AM
NetGear SPH200D dual Dual-mode, Cordless Phone vs Dualphone 3088 dual mode cordless phone Paul NZ Computing 0 05-08-2007 09:06 AM
PIX 501 to Watchguard SOHO lnichols3@gmail.com Cisco 1 08-18-2006 01:09 AM
Your thoughts on dual PIX 501 access - redundant SOHO access mh Cisco 6 05-10-2004 04:32 PM
Cisco PIX and WatchGuard SOHO dynamic VPN connection Andy Low Cisco 5 05-10-2004 03:14 PM



Advertisments