WAAS / Active-Standby PIX Firewalls

Unanswered Question

Hi -


So we are exploring ways to implement WAAS in our network and our connection into our WAN contains two PIX firewalls in Active/Standby mode with a connection to a single 3560 switch.


I understand WAAS can do failover when connected in a daisychain fashion, but what is we put a WAAS device on each link to the 3560, that way if I PIX fails we can have failover. Would this be feasible? Anyone ever tested something like this?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Zach Seils Tue, 11/13/2007 - 23:21
User Badges:
  • Cisco Employee,

Ben,


The inline module has 2 inline groups, each with a synchronous pair of ports. This allows for redundant physical connections inline through a single WAE.


Zach



rases Fri, 11/23/2007 - 01:52
User Badges:

Hi. We have a similar diagram.

We have a stack of switches when connected the internal LAN and DMZ, two ASA5510 in Active/Standby mode and a 2811 router.

We want to put the WAE512 in the inside side of Firewalls managing the traffic of interlan LAN and DMZ, because as we finish the IPSec Tunnels on ASAs we think the WAE can't be located outside the firewalls.

How can we do this??

Our WAE has the Inline network adapter.


Zach Seils Mon, 12/03/2007 - 06:42
User Badges:
  • Cisco Employee,

Rafael,


The WAE can be placed in the inside of the firewalls, so long as the ASAs are running a version of code that supports the 'inspect waas' command. This will allow the ASA to continue to inspect optimized flows.


Zach



Actions

This Discussion