I am using a pix501 firewall as my internet gateway and vpn server to serve internal corporate staff and remote users. The pix501 is currently connected to a cable modem to get outside. I intend to implement another redundant high-speed connection to my existing solution as a backup. But, I do not want to reconfigure the pix from ground up when i switch between the 2.
Is it as simple as changing the external ip address on the pix and do a write mem and i am done!?
Adding a second link to the PIX should be easy and straight forward. All you wil need is to configure your IP address on the interface, or just configure it to get a dynamic address from your service provider.
Now, to have these two links backup to one another without any human intervention should also be easy. I would assume you are getting a dynamic IP from both providers (cable modem and DSL), in such case, you will have two different gateways in your PIX routing table once each ISP DHCP releases an IP address for your interface.
Issue show route command in the PIX prompt to double check on that, you should have something like,
outside 0.0.0.0 0.0.0.0 126.96.36.199 OTHER static
In some situations unfortunately, PIX will only hold one gateway information, not two, in such case, you may need to configure a secondary one by yourself with "route" command. Let me know what you currently have in your PIX routing table.
I don't think you will need to do anything.. the links will be redundant as long as your ISP releases IP for you. Try to disconnect the link that has the 188.8.131.52 IP and see how it goes.. you should get another default gateway from your other interface.. Just give it like a minute or so to get the ip.
Have you already configured "ip address xxxx dhcp" in both interfaces connected to your ISPs? If so, there shouldn't be a problem.
The only thing that you won't be able to do though is to load balance between both links.
I already have 2 different static ips given by our isps. I am not using dhcp at all.
Can add another static ip to the outside interface?
I don't understand when you say configuring dhcp in both interfaces connected to your isps! There's only one outside interface on the pix501 and in my case, I want it to use different IP without user intervention.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :