Config of 2 PIX FW on the same private network but separated geographically


Hello

I have a NS location connected to a SS location via T-1. I have a NS PIX515 6.3 and a SS PIX 525 6.3. The NS PIX is the original PIX and has been in place for a couple of years. We have 2 internet connections, 1 on the SS and 1 on the NS. The SS has the new PIX525 and the new internet connection. I want SS users to use SS internet and NS users to use NS internet, but if SS fails then SS users will still be able to access NS internet and vice versa. The 2 internet ISPs are 2 different companies. Any sample configs and/or best practices? We will also be adding a DMZ after we get the initial config working. Suggestions?

richardmcmahon Tue, 03/02/2004 - 14:45

You will need to use a router running BGP or a similar protocol, as the PIX itself will at best only listen to RIP updates. Even so, it cannot be used as a true router and will only route packets traversing interfaces and not in one-armed mode. Your clients in SS should point to this router as a default gateway, which will then decide which gateway to use (PIX or router to NS). You could use the NS-SS T1 routers for this if they have enough memory and have the correct IOS feature set.


Hope this helps,


Richard
