Re: IP Object tracking PIX 7.2

rasoftware · ‎07-04-2007

In the past I have used routers with ip sla and object tracking to delare routes good or bad. I read something recently which makes me think this can be done on PIX 7.2. Can someone post a sample config or link?

I currently use a 1800 infront of my PIX 6.3's to perform this function, it would certainly be more elegant if the PIX 7.2 could determine which gateway to use and thesefore the tunnels.

JBDanford2002 · ‎07-04-2007

Yes it is possible. Think this is what you are looking for.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

rasoftware · ‎07-04-2007

This is exactly what I need - wish they had had the 7.2 two years ago.

Basically before I had to have PIX with private outside address linked to 1800 with private and public addresses with the IP SLA track on there.

But this is great been able to configure a backup IP on a spare interface with a public IP from different ISPs. If using a PIX with only 2 interfaces I assume this can't work.

Do you know if it will accept and IPSEC connection on the backup interface during failover?

JBDanford2002 · ‎07-04-2007

What kind of IPSEC connections? Remote Clients or Lan to Lan?

rasoftware · ‎07-04-2007

LAN to LAN IPSEC. I assume we could have a second peer address on the remote PIX as we do now using the 6.3 & router solution.

Essentially i'm checking the backup E2 interface with ISP2 say will respond to IKE/IPSEC as if it we the main E1 ISP1.