2 Pix's in Failover config working with BGP Peering
Hi, I have two PIXes, one active and the other failover, pointing to two routers (each connected to a different ISP, configured with HSRP). My question is, obviously the PIX cannot run any dynamic protocols except RIP (which is not an option). I have a static route pointing to the VIP; is this enough to ensure routing provided one of my links goes down? How will the PIX behave when one ISP goes down or one router goes down? Obviously, we have a public AS which is configured on both internal routers, which are outside the PIX and connected to the ISPs' routers.
Re: 2 Pix's in Failover config working with BGP Peering
The PIX firewall should be fine with this configuration. If a router fails or a link fails, provided you have tracking configured on the routers to monitor the connection to the ISPs, then this configuration should work fine. The PIX will use the VIP as its default route, which should be transferred from one router to the other in case of failures.
The following link provides a very detailed overview of configuring BGP across PIX firewalls and how to achieve redundancy in a multihomed BGP and PIX environment.
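The setup discussed in this thread, as an added configuration sketch that is not part of the original posts: HSRP with interface tracking on the two routers, and the PIX default route pointing at the HSRP VIP. All addresses (documentation range 192.0.2.0/24), interface names, the HSRP group number and the priority values are assumptions chosen for illustration.

```cisco
! --- Router A (preferred HSRP active), LAN side facing the PIX outside interface ---
! Assumed: FastEthernet0/0 = LAN toward the PIX, Serial0/0 = uplink to ISP A
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! If the ISP uplink goes down, drop priority by 20 (110 -> 90),
 ! which falls below Router B's 100 so B takes over the VIP.
 standby 1 track Serial0/0 20
!
! --- Router B (HSRP standby) ---
! Assumed: FastEthernet0/0 = LAN toward the PIX, Serial0/0 = uplink to ISP B
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 ! preempt is needed here so B claims the VIP once A's priority drops
 standby 1 preempt
 ! If B's own uplink is down as well (100 -> 80), A at 90 keeps the VIP.
 standby 1 track Serial0/0 20
!
! --- PIX (active unit; the failover unit receives the same configuration) ---
! Static default route to the HSRP virtual IP, not to either router's real address.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

Interface tracking only reacts when the tracked interface itself goes down. A failure further upstream that leaves the interface up does not lower the HSRP priority, so the VIP stays on that router.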