OpenBSD CARP protocol in PIX/ASA firewall

shreedharraj
Level 1

Hi Experts,

In my topology I have a PIX 525e and an ASA 5520 in a parallel connection. I want to implement redundancy between these two firewalls.

My question is: "Is it possible to implement the OpenBSD CARP protocol in a PIX/ASA firewall?" If so, please guide me with your ideas.

Initially I'm planning to implement it in GNS3, and if it works fine then I'll do it on a real machine. Please help me if there are any other possibilities for redundancy between these two different firewalls.

Thanks,

Sridhar 

3 Replies

James Leinweber
Level 4

I don't think you will be able to do this. You can do ASA failover between two firewalls with identical hardware and firmware, but they don't support CARP and you won't be able to do Cisco failover between a PIX and an ASA.

-- Jim Leinweber

Thanks for your reply Jim.

Is there any other possibility to replace the existing PIX firewall with an ASA firewall without downtime? Please find the topology diagram.

Thanks,

Sridhar

Unfortunately, no. You can do zero-downtime upgrades of failover pairs, but the PIX and ASA hardware and firmware are too far apart for that. In your diagram there might be ways to replace Pix5 by routing traffic over ASA4, but I don't think anything can be done about Pix6.

I'm lucky enough to work for an organization which can tolerate short outages outside of production hours, so it hasn't been an issue for me.

-- Jim Leinweber, WI State Lab of Hygiene
