Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX and load balancing using OSPP/RIP

I have two routers outside the PIX .what is the best practise for the loadbalancing between the pix and the 2 routers.

which method is better ospf/Rip/Static to use between the pix and the routers?


Re: PIX and load balancing using OSPP/RIP

If you have two separate Internet connections you may connect one each to the both routers and do a static routing between routers and PIX. You can also load balance the traffic on the cards in the routers if they are connected to separate bus inside.

Re: PIX and load balancing using OSPP/RIP

AFAIK using OSPF is the only way you can load balance traffic in a PIX.

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.



CreatePlease to create content