I am trying to move my single point of failure up from my 3750 to my PIX 515E. Currently, the 3750 has a default route to the PIX inside interface. I have a second 3750 that I have configured with HSRP. I would like to add it in the mix, such that the 2 3750s act as one (HSRP) and connect up to the 515. What I am not sure of is whether or not this is feasible, as the 515 routes to interfaces based on name (inside, outside, etc.).
My experience with PIX is limited and your input has been valuable. I could introduce another L2 device above the 3750, but that does not get my SPoF to the PIX.
As an aside, can you create a virtual interface on the PIX that will reference 2 physical interfaces (an HSRP for PIX, if you will)?
The trouble you have is that you won't be able to use 2 addresses out of the same subnet on the PIX, as it will complain about overlapping addresses just as a router would.
You could have 2 inside interfaces, i.e. inside1 and inside2, but they would need to be in different subnets. The other problem is you would need to ensure that traffic from the 3750 switches always went in and came back on the same inside interface or the firewall will complain.
You could conceivably have 2 interfaces connecting from the PIX, i.e. inside1 and inside2. You could then have 2 default routes on the 3750s, one with an AD of 250 so it was only used if the first failed. But I'm very dubious as to how well this would work, if at all, and it would need testing, which unfortunately I can't do for you as I have no access to PIX firewalls. You might well need to run IP SLA on the 3750 to test when the interface had gone down on the PIX as well.
You certainly wouldn't get stateful failover between the interfaces, and I can see the NAT being an issue if the interfaces were suddenly switched.
For redundancy at the firewall level, as you say, you really need a pair of firewalls in active/standby or active/active mode.
The problem you have is that you can't have 2 inside interfaces on the PIX in the same subnet, and that's why it wouldn't work. So you could only really connect the PIX to one of your 3750 switches, but that isn't a problem if you stack the 3750 switches, because then they are seen as one logical switch.