Is there a way to do routing over several parallel Pix 515E firewalls?
I have a 6509 on the inside network, 3 Pix firewalls and a single 6509 on the outside that terminates GRE tunnels from remote sites.
This all needs to pass a large amount of Multicast traffic which is too much for one Pix to handle.
The remote sites also need to route to each other on the outside via the 6509. Curently I can get the multicast traffic to pass through the right Pix by using VRFs on the outside 6509 but then the remote site to remote site routing can't work because there is no connection between the VRFs..
If I get rid of the VRFs I end up with equal cost routes and no control over the multicast traffic. The Pix firewalls also see routes to the inside network on their outside interfaces (I am using OSPF).
Has anyone encountered this type of Pix routing problem before and how did they deal with it?
Or is it not possible?
The solution also needs to scale because eventually there will be more than 1Gb of multicast traffic coming in to the core.
Thanks for any advice.