I have two PIX firewalls 515 and 525 running 6.3.
The outside interfaces are connected to the edge router via a DMZ switch.
The router and PIX firewalls are running OSPF. Both PIXs are running OSPF on the inside as well, which is the reason for the two processes.
The idea is for the router to get the default route from the PE router and advertise it to the PIXs, which in turn will give the internal network the default route.
When we lose Internet, the default flips to the DR site.
One PIX is forming adjacency with the router OK, the other one is not.
The PIX that is working is showing the OSPF process on the Public subnet as having no Interfaces in it.
The PIX that does not participate in the OSPF process shows as having an interface in that process.
TAC says the PIX that does not work is confused about how to do the route.
The only thing I see is that the PIX not working does not have the outside public subnet in both processes.
Would it be better to configure the public subnet in only the one outside process and distribute it into the other process on the inside network?
The non-working PIX is where critical customer servers are, and we have lost connectivity due to the OSPF problems, and I would like to fix it.
Any input on this would be appreciated.