Hi NetPro's. I'm looking for a way to add path redundancy to select sites on my existing site to site VPN (all PIX based at the moment).
My headend is a PIX 525 (running 7.0.4) and the remote sites are either 501's or 506's (running 6.3.5).
I would like to add path redundancy to some of the remote sites by adding in a second PIX on a different ISP connection.
Now, in this type of scenario, is it best to define the tunnel using multiple peers on the headend configuration and place a router behind the two 501's on the client side?
By using OSPF on the headend PIX and the client side router, would it bring up both peers in the tunnel group at the same time and fail over to each path without issues, or can the PIX only speak with one peer of the tunnel group at a time, and the OSPF on the router would pick up which PIX is currently active and start using it instead?
If I activate OSPF on my headend PIX, can it be specified on which tunnels to use, or will it broadcast out on all tunnels by default?
Is there a better direction I should be going with this?
there is no way for the pix to connect to both primaryand secondary switch.Normally in pix failover, both pixes connect to the same switch. If one pix fail the othertakes over. In your scenario, pix and switch fails at the same time and of course,
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :