We currently have a default route pointing to a pair of PIX firewalls running in failover mode. We have added another pair at a DR site and want to add a second default route to the second firewall pair. However, when the first firewall pair fails, the default route still points to the interface of the primary pair of FWs that is now failed. I need to make this dynamic when there is a failure. The only way I can think of configuring this is to create a default route on one of our outside internet facing routers and tunnel an IGP through the firewalls allowing only the default route through. Is there a better way to configure this?
How are the 2 sites connected - via the external outside router you mentioned and/or another link? Depending on that connection, you can have each pair of PIXes advertise a default route via RIP. Then you can redistribute those routes into your IGP and set a metric so that the active PIXes' default is selected over the backup PIXes' (at the DR). Or if you are running RIP, use an offset list to prefer one pair of PIXes over the other.
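A configuration sketch of the approach in the reply above, added here as an example and not part of the original thread. It assumes PIX 6.x command syntax, IOS core routers at each site, OSPF as the IGP, and constructed 10.x addressing; because OSPF does not carry 0.0.0.0/0 through `redistribute`, it uses `default-information originate` in place of plain redistribution.

```cisco
! --- On each PIX pair (PIX 6.x syntax assumed) ---
! The active unit advertises a RIP v2 default route on its inside interface.
rip inside default version 2
!
! --- Primary-site core router (IOS; names and addressing are constructed) ---
router rip
 version 2
 ! Classful network statement covering the segment that faces the PIX inside
 network 10.0.0.0
 no auto-summary
!
router ospf 1
 ! "redistribute rip subnets" would not inject 0.0.0.0/0 into OSPF.
 ! Without the "always" keyword the default is originated only while a
 ! default route is present in this router's routing table, so it is
 ! withdrawn once the RIP default from the failed PIX pair ages out.
 default-information originate metric 10 metric-type 1
!
! --- DR-site core router: same RIP config towards the DR PIX pair ---
router ospf 1
 ! Higher metric, so the primary site's default wins while it exists
 default-information originate metric 100 metric-type 1
!
! --- Alternative when RIP is the IGP end to end (the reply's second option) ---
! Add 5 hops to every route learned on the DR-facing interface
! (access-list 0 matches all networks; the interface name is hypothetical).
router rip
 offset-list 0 in 5 FastEthernet0/1
```

Failover time is bounded by the RIP timers (IOS defaults: invalid 180 s, flush 240 s), so tune them if a faster switch to the DR pair is required.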
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :