#1

I have two firewalls/gateways to the internet. The PRIMARY is 10.0.0.1 and the SECONDARY 10.0.0.2.

I have a server with an address of 10.0.0.10

The server has its gateways set up as 10.0.0.1 with a metric of 1 and 10.0.0.2 with a metric of 50.

If/when the primary firewall is down then incoming mail servers try to access 10.0.0.10 via the SECONDARY route but as the server has the PRIMARY firewall as the default route the incoming mail cannot get through.

This is not so much of a pain with email, we have other services that are more critical and this is causing an issue.

Any suggestions???

Thank you.

Richard

Richard Edwards

#2

BGP
http://en.wikipedia.org/wiki/BGP

"Richard Edwards" <(E-Mail Removed)> wrote in message news:eAvvL3$(E-Mail Removed)...
> I have two firewalls/gateways to the internet. The PRIMARY is 10.0.0.1 and
> the SECONDARY 10.0.0.2.
>
> I have a server with an address of 10.0.0.10
>
> The server has its gateways set up as 10.0.0.1 with a metric of 1 and
> 10.0.0.2 with a metric of 50.
>
> If/when the primary firewall is down then incoming mail servers try to
> access 10.0.0.10 via the SECONDARY route but as the server has the
> PRIMARY firewall as the default route the incoming mail cannot get through.
>
> This is not so much of a pain with email, we have other services that are
> more critical and this is causing an issue.
>
> Any suggestions???
>
> Thank you.
>
> Richard

#3

thanks. but i am not sure how this helps me.

Richard

"Neteng" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
> BGP
> http://en.wikipedia.org/wiki/BGP
> "Richard Edwards" <(E-Mail Removed)> wrote in message
> news:eAvvL3$(E-Mail Removed)...
>> I have two firewalls/gateways to the internet. The PRIMARY is 10.0.0.1
>> and the SECONDARY 10.0.0.2.
>>
>> I have a server with an address of 10.0.0.10
>>
>> The server has its gateways set up as 10.0.0.1 with a metric of 1 and
>> 10.0.0.2 with a metric of 50.
>>
>> If/when the primary firewall is down then incoming mail servers try to
>> access 10.0.0.10 via the SECONDARY route but as the server has the
>> PRIMARY firewall as the default route the incoming mail cannot get
>> through.
>>
>> This is not so much of a pain with email, we have other services that are
>> more critical and this is causing an issue.
>>
>> Any suggestions???
>>
>> Thank you.
>>
>> Richard

#4

"Richard Edwards" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> thanks. but i am not sure how this helps me.

The general answer to what you are trying to do is: "No! It doesn't work like that,..you can't do that!"

The more complex answer is that you can use Dynamic Routing Protocols. I can't help you there,..don't bother to ask.

Another option would be to run both Internet Links into the same Router that is on the "outside" of your Firewall Device. The Load-balancing or Fail-over will be 100% the job of the single Router they run into. This makes the two Lines "redundant", but not the router, not the firewalls.

If you want the Firewalls & Routers to be redundant, and assuming these are simple NAT Devices then you use Dead Gateway Detection. You don't fool with any metrics. DGD is very "clunky", doesn't behave as people expect and you could never even drag me kicking and screaming to ever deploy it,...but here is how.

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default...b;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default...b;EN-US;171564

If your firewalls are actually "proxy devices", like maybe ISA Server Enterprise Edition, then you would create a "proxy array" to make the proxies redundant.

The bottom line is that there is *always* a "Point of Failure" somewhere,...you can pretty much never achieve full redundancy. There is always someplace somewhere that can be a point to screw it all up.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

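A simplified model of the failure discussed in this thread, added here as an illustration and not written by any of the posters: a static route table picks the lowest-metric default route whether or not that gateway answers, so the metric-50 route is never used for replies. The client address 203.0.113.25 and all function names are constructed for the example, and it assumes two independent NAT firewalls that only pass replies for sessions they saw arrive.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix gateway metric")

# The server's (10.0.0.10) table as described in the first post.
SERVER_ROUTES = [
    Route("0.0.0.0/0", "10.0.0.1", 1),    # PRIMARY firewall
    Route("0.0.0.0/0", "10.0.0.2", 50),   # SECONDARY firewall
]

def next_hop(routes, dst, dead=frozenset()):
    """Longest-prefix match, then lowest metric.

    Gateways listed in `dead` are skipped. An empty set models a plain
    static table, which has no idea whether a gateway is reachable.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [
        r for r in routes
        if addr in ipaddress.ip_network(r.prefix) and r.gateway not in dead
    ]
    if not candidates:
        return None
    best = min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric),
    )
    return best.gateway

def reply_delivered(routes, client, inbound_gw, down, detect_dead):
    """True if the server's reply to `client` leaves through a gateway that
    is up and is the same firewall the connection arrived through
    (assumption: each NAT firewall only knows its own sessions)."""
    dead = frozenset(down) if detect_dead else frozenset()
    gw = next_hop(routes, client, dead)
    return gw is not None and gw not in down and gw == inbound_gw

if __name__ == "__main__":
    client = "203.0.113.25"  # constructed documentation address
    for detect in (False, True):
        ok = reply_delivered(SERVER_ROUTES, client, "10.0.0.2",
                             down={"10.0.0.1"}, detect_dead=detect)
        print(f"PRIMARY down, liveness check={detect}: reply delivered={ok}")
```

The third case worth trying is both firewalls up with traffic arriving via SECONDARY: the reply still leaves via PRIMARY, which is why liveness detection alone does not make inbound services reachable on both links.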
#5

To do what you want, the correct way, you should implement BGP. Internally, like Phillip suggested, you should use something like OSPF or EIGRP.

"Richard Edwards" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> thanks. but i am not sure how this helps me.
>
> Richard
>
> "Neteng" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > BGP
> > http://en.wikipedia.org/wiki/BGP
> > "Richard Edwards" <(E-Mail Removed)> wrote in message
> > news:eAvvL3$(E-Mail Removed)...
> >> I have two firewalls/gateways to the internet. The PRIMARY is 10.0.0.1
> >> and the SECONDARY 10.0.0.2.
> >>
> >> I have a server with an address of 10.0.0.10
> >>
> >> The server has its gateways set up as 10.0.0.1 with a metric of 1 and
> >> 10.0.0.2 with a metric of 50.
> >>
> >> If/when the primary firewall is down then incoming mail servers try to
> >> access 10.0.0.10 via the SECONDARY route but as the server has the
> >> PRIMARY firewall as the default route the incoming mail cannot get
> >> through.
> >>
> >> This is not so much of a pain with email, we have other services that are
> >> more critical and this is causing an issue.
> >>
> >> Any suggestions???
> >>
> >> Thank you.
> >>
> >> Richard