Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
5
Helpful
1
Replies

Config of 2 PIX FW on the same private network but seperated geographically

agrayson
Level 1
Level 1

‎03-01-2004 01:40 PM - edited ‎02-20-2020 11:16 PM

Hello

I have a NS location connected to a SS location via T-1. I have a NS PIX515 6.3 and a SS PIX 525 6.3. The NS PIX is the original PIX and has been in place for a couple years. We have 2 internet connections 1 on the SS and 1 on the NS. The SS has the new PIX525 and the new internet connection. I want SS users to use SS internet and NS users to use NS internet but if SS fails then SS users will still be able to access NS internet and vice versa. The 2 internet ISPs are 2 different companies. Any sample cofigs and or best practice. We will also be adding a DMZ after we get the initial config working. Suggestions

0 Helpful
1 Reply 1

richardmcmahon
Level 1
Level 1

‎03-02-2004 02:45 PM

You will need to use a router running BGP or similar protocol as the pix itself will only at best listen to RIP updates. Even so it cannot be used as a true router and will only route packets travesing interfaces and not in one-armed mode. Your clients in SS should point to this router as a default gateway which will then decide which gateway to use (pix or router to NS). You could use the NS-SS T1 routers for this if they have enough memory and have the correct IOS feature set.

Hope this helps,

Richard

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card