I'm reading about active/active failover for a pix and assymetrical routing. here's what it says.
When running in Active/Active failover, a unit may receive a return packet for a connection that originated through its peer unit. Because the security appliance that receives the packet does not have any connection information for the packet, the packet is dropped. This most commonly occurs when the two security appliances in an Active/Active failover pair are connected to different service providers and the outbound connection does not use a NAT address.
i noticed the path it took was through another interface added to the pix to connect it to the same switch. what if my pix only has 3 ints? outside,inside and the stateful failover cable but both insides for each pix are on the same switch and both outsides of the pix are on another but the same switch. would the pix route the packets back out the interface it recieved it on.
what i mean is:
a packet comes in pix b outside int. but the connection status is on pix a. so it is going to route the packet over to pix b. does it route the packet back out the inside interface? hmm i remember something about split horizon. won't send packet out on int. it was recieved on? btw i will be using OSPF for loadbalancing between both pixs and the two routers.
What is the Pix version u have and what are the router models? Along with this info, check out the packet transfer using debug messages and check whether the load balancing is occuring in a proper way.This may provide u an answer regarding the necessity of third interface.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.