Cisco Support Community
Community Member

LAN to LAN pix redundancy


We currently have a setup where an office has two VPN connections with two differentISPs and two PIXes. Even though the office is in the same building, essentially it currently is two separate networks, with each PIX providing a VPN connection for half of the office each. The primary site has a VPN concentrator 3000.

What we would like to do is combine the networks and use the PIX in a redundant manner. Ideally we would like load balancing on the two ISP links in order to balance our traffic. Currently there is no router, the PIX outside interface connects directly to the ethernet presentation provided by the ISP.

My question is if this is possible, as I could not see any example of this kind of setup within the product support doco. Does the PIX support HSRP on the inside network? I couldn't find any doco confirming or denying this either....


Re: LAN to LAN pix redundancy

pix doesn't support hsrp, nor does pix support advanced internet load balancing.

with pix v6.x and 515e or higher, it supports stateful failover. it's more like active and standby, not load balancing.

with pix v7, it supports some sort of load balancing, however, it still wouldn't achieve the internet load balancing as per your original post.

CreatePlease to create content