Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Pix 515E, OSPF Equal cost paths

Is it possible to configure a Pix 515E with two ports on the 'outside' and two ports on the 'inside' of a network and run OSPF at either side. Because the Pix would see the same network on both it's 'inside' ports with equal cost would it get confused and therefore drop the traffic.

Failing that. Is there a way to get OSPF to report a lower bandwidth on one of the inside interfaces so that the other would be preferred without resorting to route-maps?

Basically I'm trying to get a single pix with lots of interfaces to maximise the bandwidth from the inside network to the outside world without the need to spend any money, or at least get some resilience out of the ports if not bandwidth - It's not my firewall or budget just my problem.

Any ideas?

Thanks

3 REPLIES
Silver

Re: Pix 515E, OSPF Equal cost paths

You can have a separate OSPF process running for the inside and outside interfaces. It is best security practices to keep this separate.

The pix does not support load balancing of interface. It would be difficult for the adaptive security algorithm to keep track of the traffic that it should and should not allow.

Best bet is to use routing and/or route-maps before the pix to control the flow of traffic.

What kind of device do you attached to your pix on the inside?

Where version are you running on the pix?

Thanks,

Chad

New Member

Re: Pix 515E, OSPF Equal cost paths

Thanks for the response.

Single 6500 on the outside with GRE tunnels terminating from several remote sources. Then there will be several Pix 515E's connected to a pair of 6500s on the inside. That's why I was looking at two NICs facing outwards and the other 4 NICs split between the two internal 6509's.

Multicast will be the primary incoming traffic.

Pix are currently running 6.3 but will be upgraded to 7.0 if needs be.

New Member

Re: Pix 515E, OSPF Equal cost paths

Forgot to add that all of the traffic will be getting sent to the same networks on the inside. This is why it's a bit of a pain because it's the same OSPF cost to all networks in both directions.

218
Views
0
Helpful
3
Replies
CreatePlease to create content