Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to fulfill the failover architecture with two pix and four switches?

Hi,I have the following network architecture:

Core switch(A)6509==Core switch(B)6509

| |

PIX535(A)----------PIX535(B)

| |

Switch(A)3560==Switch(B)3560

| |

Border Router(A) Border Router(B)

| |

Extranet Network

Pls help me and give me any good advice for the architecture for fulfiling the full failover.

Thanks

2 REPLIES
Bronze

Re: how to fulfill the failover architecture with two pix and fo

PIX Firewall failover allows you to configure two PIX Firewall units in a fully redundant topology.

For configuring failover

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080602f98.htm

New Member

Re: how to fulfill the failover architecture with two pix and fo

I have put in a number of architectures based on a pair of PIX and a pair of 2960s. using the WS-C2960-24TT-L, link the two GE ports as channelled trunks. Create as many VLANs as you need, ensuring that each VLAN appears on both switches. Connect your core switches, one to each 2960 and your inside interfaces, again, one to each. Connect other interfaces in a similar fashion. This allows for the complete failure of any one device.

If you need to physically separate the devices, use the WS-C2960-24TC-L switches, and fibre SFPs, don't channel the uplinks, but use RSTP over two separate links, with the heartbeat and sync connections biased onto one link and the data connections biased onto the other.

Hope this helps.

Dave

227
Views
0
Helpful
2
Replies
CreatePlease to create content