PIX 8.0 De Chinglu VPN and on-Internet traffic split and line redundancy test

I. Overview:

Both ends of the headquarters and division are PIX8.0, all for De Chinglu, such as a telecommunications line, a mobile line, requiring telecommunications lines to go their own online internet traffic, mobile line to go VPN traffic, but if the telecommunications line failure, or mobile line failure, can not interrupt the Internet and VPN connection.

Two. Basic ideas:

A. Set two default gateways, mobile line metric value is 254, Telecom line metric value is 1, and SLA Monitor telecommunication line Gateway

----This ensures that the default Internet traffic is going to the telecom line, when the telecommunication line fails, move the line.

B. Set two VPN traffic routes to the other intranet, the metric value of the telecommunication line is 254, the mobile line metric value is 1, and the interface address of the other PIX's mobile line is monitored by SLA.

----this to ensure that the VPN traffic default to move the line, when the mobile line failure, both sides of the VPN traffic is off the telecom line

Three. Test topology:

Four. Basic configuration:

A.R1:

Interface fastethernet0/0

IP address 172.16.1.2 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 172.16.1.1

B.PIX1:

Interface Ethernet0

Nameif inside

Security-level 100

IP address 172.16.1.1 255.255.255.0

No shut

Interface Ethernet1

Nameif Outside

Security-level 0

IP address 202.100.1.1 255.255.255.0

No shut

Interface Ethernet2

Nameif Backup

Security-level 0

IP address 61.1.1.1 255.255.255.0

No shut