Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

openBSD CARP protocol in PIX/ASA firewall

Hi Experts,

In my topology i have pix 525e and asa 5520 in a parallel connection. I want to implement redundancy between this two firewall.

My question is "is that possible to implement openBSD CARP protocol in PIX/ASA firewall?" if so please guide me with your ideas.

Initially im planning to implement it in GNS3 and if works fine then ill do it in real machine. Please help me if there is any other possibilities for redundancy between this two different firewall.

Thanks,

Sridhar 

3 REPLIES

I don't think you will be

I don't think you will be able to do this.  You can do ASA failover between two firewalls with identical hardware and firmware, but they don't support CARP and you won't be able to Cisco failover between a Pix and an ASA.

-- Jim Leinweber

New Member

Thanks for your reply Jim.Is

Thanks for your reply Jim.

Is there any other possibilities to replace existing PIX firewall with ASA firewall without downtime. Please find the topology diagram.

Thanks,

Sridhar

Unfortunately, no.  You can

Unfortunately, no.  You can do zero-downtime upgrades of failover pairs, but the Pix  and ASA hardware and firmware's are too far apart for that.  In your diagram there might be ways to replace Pix5 by routing traffic over ASA4, but I don't think anything can be done about Pix6.

I'm lucky enough to work for an organization which can tolerate short outages outside of production hours, so it hasn't been an issue for me.

-- Jim Leinweber, WI State Lab of Hygiene

169
Views
0
Helpful
3
Replies
CreatePlease to create content