cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
412
Views
0
Helpful
2
Replies

Load Balancing with PIX 525 firewall

c-niwagaba
Level 1
Level 1

I read that PIX 525 Firewall supports load balancing. How can I configure PIX 525 firewall to perform load balancing if I have two Internet Providers?

1 Accepted Solution

Accepted Solutions

eddie.mitchell
Level 3
Level 3

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

View solution in original post

2 Replies 2

eddie.mitchell
Level 3
Level 3

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

Thank you for this answer, it has been really helpful.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: