Cisco IPS 4520 Sensor White Paper

Firewall
August 2012 Series
Step 16:  Select Monitored, and then click Apply.
Next, you will create the default route to the primary Internet CPE’s address.
Step 17:  In Configuration > Device Setup > Routing > Static Routes, click Add.
Step 18:  In the Add Static Route dialog box, in the Interface list, choose the interface created in Step 9. (Example: outside-16)
Step 19:  In the Network box, enter 0.0.0.0/0.0.0.0.
Step 20:  In the Gateway IP box, enter the primary Internet CPE’s IP address, and then click OK. (Example: 172.16.130.126)
Step 21:  On the Static Routes pane, click Apply.
Option 2.  Using a Trunked Dual ISP design 
If Dual ISP access is not being used, skip to Procedure 4. This procedure
assumes that the configuration in Procedure 3, Option 1 was completed for
the primary ISP connection.
When resilient Internet access (Dual ISP) is required, the appliances’ 
GigabitEthernet 0/3, which is configured as a VLAN trunk to the outside 
switch, is assigned an additional VLAN to use to connect to the secondary 
ISP. The VLAN trunk allows the appliance to use separate VLANs for the 
upstream Internet routers.
The primary route carries a metric of 1, making the route preferred; the
primary route’s availability is determined by the state of the ‘track 1’ object that
is appended to the primary route. The route-tracking configuration defines a 
target in ISP-1’s network to which the appliance sends ICMP probes (pings) 
in order to determine if the network connection is active. The target is an 
object on the primary service provider’s network, such as an intermediate 
router that can be discovered with traceroute.
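The tracked primary route described above, written as the equivalent ASA CLI configuration. This is an added example, not configuration taken from the guide. The interface outside-16, the gateway 172.16.130.126, metric 1 and track object 1 come from the text; the SLA ID, the probe target, the secondary interface name, the secondary gateway and the secondary metric are constructed placeholders.

```cisco
! Constructed example: SLA id 16, probe target 192.0.2.1, interface name
! outside-secondary, gateway 198.51.100.1 and metric 50 are placeholders.
!
! ICMP echo probe toward a target inside ISP-1's network, sent out of the
! primary outside interface.
sla monitor 16
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside-16
sla monitor schedule 16 life forever start-time now
!
! Track object 1 is up only while the probe target answers.
track 1 rtr 16 reachability
!
! Primary default route: metric 1, installed only while track 1 is up.
route outside-16 0.0.0.0 0.0.0.0 172.16.130.126 1 track 1
!
! Secondary default route: higher metric, so it carries traffic only
! after the tracked primary route has been withdrawn.
route outside-secondary 0.0.0.0 0.0.0.0 198.51.100.1 50
!
! Host route that pins the probe target to the primary path, so probes
! keep testing ISP-1 after failover and the primary route can return.
route outside-16 192.0.2.1 255.255.255.255 172.16.130.126 1
```

After applying, `show track 1` reports the reachability state and `show route` shows which default route is currently installed.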