Configuring load balanced PIX

Unanswered Question
Aug 14th, 2003
User Badges:

Dear all,


Can anybody give me some advise/links on configuring 2 PIX 515's in a load balanced configuration ?


The plan (maybe) is to have 2 PIX 515's connected via a LAN connection and located in seperate parts of the building, that connect to the Internet.


The idea being that we could have a resilient internet connection as well as spread the traffic between the two connections.


Thanks,


Simon.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
drolemc Wed, 08/20/2003 - 07:15
User Badges:
  • Silver, 250 points or more

I do not think that attempting load balancing using PIX firewalls connected to different parts of your network will work. With PIX deployed, the path taken by a packet coming in should be the same as that which was taken by the corresponding packet going out. This might not always happen in the topology you desire. Configuring Load Balancing and Redundancy with PIX firewalls is pretty different to doing the same using routers. To build redundancy, you will need to deploy 2 PIX firewalls in something called a failover pair. To do load balancing, you will need to configure the perimeter routers for the same or use PIXOS version 6.3, run OSPF and use Equal Cost Multipath Routes (ECMP). You can then load balance among a maximum of three peers on a single interface. More information on ECMP is available at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#1112559.

Actions

This Discussion