I have a PIX 515 that is dual homed to the Internet through 2 edge routers (1 router per ISP). How can I load balance outbound connections? It doesn't have to be perfect, I just want to utilize the second ISP.
Will this work if I run OSPF between the PIX outside interface and the routers? Also, if one link goes down I want it to fail over to the second link. I am not running BGP, both ISPs are advertising the same subnet.
Yes, you can run OSPF on the PIX and the edge routers. I am actualy lab testing the concept and getting ready to roll the same scenario to production. You will need to insure that your IBR's are sending a default route to the PIX (and that your PIX shows equal cost routes for the default, or whatever routes your trying to load balance. Elsewise adjust at your IBR's until it does).
Upgrade Finesse to 6.3(2)
6.3(1) will work, however it has a bug that will cause endless invalid packet length errors on the LSA's. 6.3(2) fixes this.
Cisco reccomends that you authenticate OSPF neighbors. Unfortunately, should you attempt to configure md5 authentication with the PIX, you will break OSPF. I have had a TAC case open on this for a while now, and it currently looks like it's gonna require a code upgrade to fix it.
When configuring OSPF on the PIX, remember that your network statements have to use standard netmasks (network 10.1.1.0 255.255.255.0 area 0) rather than the reverse dotted decimal that a router would use (network 10.1.1.0 0.0.0.255 area 0).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :