New Member

DUAL VPN PATH SUPPORT ON PIX

Dear All,

I have an Internet gateway router with Internet uplinks from two ISPs. Behind the Internet GW router, I have a PIX 515E ver 6.3 firewall.

My remote peers are also connected to the Internet. I want to terminate the VPN tunnel on the PIX firewall with a site-to-site VPN configuration.

The objective is to provide HA such that if one ISP link goes down, my traffic should pass through the other ISP link. How do I do this on the PIX so that if one tunnel configured through ISP A tears down, data takes the alternate path through the second tunnel configured through ISP B?

Is this possible on the PIX? Do I have to use two interfaces to connect to the Internet gateway and configure a VPN tunnel on each?

Please help.

1 REPLY
Cisco Employee

Re: DUAL VPN PATH SUPPORT ON PIX

You can't really do this on the PIX, since the PIX only has one default route pointing to the Internet gateway router.

The best way to do this is to get a routable /30 subnet (2 hosts) for the connection between the PIX and the Internet router, then have the router advertise this subnet out to both ISPs. Point your remote peers to the PIX routable outside address. The traffic will be routed over one ISP, and if that one goes down, BGP should re-route everything to the other ISP. The PIX doesn't need to know anything about the external routing.
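Added example, not part of the original reply: a configuration sketch of the design described above, with the IOS gateway router advertising the PIX-facing /30 to both ISPs and the PIX keeping a single default route. All addresses (documentation ranges), AS numbers, interface names and the prefix-list name are constructed placeholders, and the sketch assumes both ISPs accept this prefix from you.

```cisco
! ---------- Internet gateway router (IOS) ----------
interface FastEthernet0/0
 description Uplink to ISP A (constructed addressing)
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet0/1
 description Uplink to ISP B (constructed addressing)
 ip address 198.51.100.2 255.255.255.252
!
interface FastEthernet1/0
 description Routable /30 towards PIX outside
 ip address 203.0.113.1 255.255.255.252
!
! Announce only the PIX-facing /30, so the router never
! becomes a transit path between the two ISPs.
ip prefix-list PIX-LINK seq 5 permit 203.0.113.0/30
!
router bgp 64512
 no synchronization
 no auto-summary
 ! The connected /30 is in the routing table, so this
 ! network statement originates it into BGP.
 network 203.0.113.0 mask 255.255.255.252
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description ISP A
 neighbor 192.0.2.1 prefix-list PIX-LINK out
 neighbor 198.51.100.1 remote-as 64497
 neighbor 198.51.100.1 description ISP B
 neighbor 198.51.100.1 prefix-list PIX-LINK out
!
! ---------- PIX 515E (6.3) ----------
: One outside address and one default route; the PIX has
: no knowledge of which ISP carries the tunnel.
ip address outside 203.0.113.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
:
: Remote sites configure 203.0.113.2 as their only IPsec
: peer, so one tunnel definition survives an ISP failure.
```

Failover time here is bounded by BGP convergence, so the tunnel may drop and renegotiate while the prefix is re-advertised through the surviving ISP.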
