SOLVED: Dual SOHO PIX 501's & SMTP

Discussion in 'Cisco' started by mh, May 9, 2004.

  1. mh

    mh Guest

    Solution is trivial ...

    Use a tool like www.ipchicken.com to discover outside WAN address
    In my case if address is 24.x.x.x then I know I connected thru PIX#1

    Setup Outlook profiles accordingly

    I now have SOHO redundant access to the Internet; both at a hardware
    layer and at an access layer


    Thanks to all the anal...ysts who replied
    mh, May 9, 2004
    #1

  2. In article <>,
    mh <> wrote:
    :Solution is trivial ...

    :I now have SOHO redundant access to the Internet; both at a hardware
    :layer and at an access layer


    :Thanks to all the anal...ysts who replied


    This "anal...yst" would point out that the PIX series has
    no way of detecting that an interface is down and changing routing
    when it is, let alone refraining from acting as a DHCP server.

    ADSL in particular is prone to having failures one hop away from
    the CPE, leading to the situation where the outside interface is up
    but you can't get anywhere. In this case, you don't even get the
    clue that the outside interface transitions to down (which
    you could theoretically detect the message for on a syslog server, or
    perhaps even detect via an snmptrap.)

    You thus do not have redundant access at the hardware layer in
    the normal usage of 'redundant' as applied to network hardware layers.
    You might perhaps have software on all of your systems that is
    automatically testing connectivity and telling one or the other of the
    PIXes to turn its inside interface off (or at least to turn off dhcp
    service), but that would be redundancy at the -software- level... and
    if you were doing that sort of automatic work, then adjusting the smtp server
    would have been a fairly simple addition to your procedure.


    It thus appears to this "anal...yst", based upon what you have written
    so far, that what you -actually- have is a system that requires manual
    intervention when either of the WAN links fails. That's better than
    only having a single link available to you, but I don't think most of
    us would term it as being "redundant access".


    It is difficult for "anal...ysts" to give you the advice you are hoping
    for when you do not provide the "anal...ysts" with detailed information
    about how your systems are configured, about the automatic recovery
    procedures that are available to you, and about the manual steps that
    you are willing to take. In this newsgroup, the norm is that people
    that have multiple ISP connections want as close to fully automatic fallover
    as they can get under their technical (and financial) situation. In
    situations where that is not true, the onus falls upon the poster to
    explain the poster's requirements.


    It is also difficult for "anal...ysts" to give you the advice you
    are hoping for when you insult them after they voluntarily tried to
    help you as best they could based upon the information you supplied.
    Not exactly the best approach you could have taken towards winning
    friends and influencing people.
    --
    Caution: A subset of the statements in this message may be
    tautologically true.
    Walter Roberson, May 9, 2004
    #2
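
An added sketch, not part of any post in this thread, of the client-side software check the reply above describes: it probes a host beyond the ISP instead of trusting interface state, waits for several consecutive failures before declaring a path down, and picks the SMTP relay that matches the uplink. Only the 24.x.x.x range for PIX#1 comes from the thread; the relay hostnames, the failure threshold and every function name are assumptions.

```python
import ipaddress
import socket
from collections import deque

# Only the 24.x.x.x range for PIX#1 comes from the thread; the relay
# hostnames are placeholders and PIX#2 is "any other address".
PIX1_NET = ipaddress.ip_network("24.0.0.0/8")
SMTP_RELAY = {"PIX#1": "smtp.isp-one.example", "PIX#2": "smtp.isp-two.example"}


def uplink_for_public_ip(public_ip):
    """Map the address an outside service reports to the PIX in use."""
    return "PIX#1" if ipaddress.ip_address(public_ip) in PIX1_NET else "PIX#2"


def tcp_probe(host, port=80, timeout=3.0):
    """End-to-end check: true only if a host beyond the ISP answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class PathMonitor:
    """Mark a path down after `threshold` straight failures, and up again
    only after `threshold` straight successes, so one lost probe does
    not cause a switch."""

    def __init__(self, threshold=3):
        self.recent = deque(maxlen=threshold)
        self.up = True

    def record(self, ok):
        self.recent.append(bool(ok))
        if len(self.recent) == self.recent.maxlen:
            if not any(self.recent):
                self.up = False
            elif all(self.recent):
                self.up = True
        return self.up


def plan(public_ip, monitor):
    """Pick the uplink and SMTP relay a client should be using right now."""
    current = uplink_for_public_ip(public_ip)
    if monitor.up:
        return {"action": "stay", "uplink": current, "smtp_relay": SMTP_RELAY[current]}
    other = "PIX#2" if current == "PIX#1" else "PIX#1"
    return {"action": "switch", "uplink": other, "smtp_relay": SMTP_RELAY[other]}
```

Feed `PathMonitor.record()` the result of `tcp_probe()` against a host outside both ISPs on a timer; acting on a "switch" plan (changing the client's gateway and mail profile) is left to the site.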

  3. Dear ab...user

    You might be better off using a dual WAN router like the ones offered
    by Xincom (www.xincom.com). It can load balance 2 Internet feeds like
    (probably your case) one from Rogers and one from Sympatico (that yes,
    only allows SMTP traffic via their SMTP server). You can configure the
    Xincom router to bind the SMTP traffic to one of the links (i.e.
    Rogers). Since you appeared to be concerned with the cost, with this
    you do not need the Pix firewalls anymore and the Xincom itself is
    cheaper than a Pix. You can also get a similar appliance from Symantec
    but Xincom has more features.

    Adrian

    http://www.eventid.net/firegen/firegenpix2.asp

    (mh) wrote in message news:<>...
    > Solution is trivial ...
    >
    > Use a tool like www.ipchicken.com to discover outside WAN address
    > In my case if address is 24.x.x.x then I know I connected thru PIX#1
    >
    > Setup Outlook profiles accordingly
    >
    > I now have SOHO redundant access to the Internet; both at a hardware
    > layer and at an access layer
    >
    >
    > Thanks to all the anal...ysts who replied
    Adrian Grigorof, May 10, 2004
    #3
