Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 can use console port for backup dialup ??

Hi,

Need to give a remote client with PIX 501-BUN K9 some fault protection, I want to know if is possible to connect an external modem to the console port and dial-UP to an ISP for VPN backup.

2 REPLIES
Silver

Re: PIX 501 can use console port for backup dialup ??

The Virtual Router Redundancy Protocol (VRRP) eliminates the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router (a VPN 3000 Series Concentrator cluster) to one of the VPN Concentrators on a LAN. The VRRP VPN Concentrator that controls the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to those IP addresses. When the Master becomes unavailable, a backup VPN Concentrator takes the place of the Master.

VPN concentrator working with VRRP

Redundant VPN Concentrators are identified by group.

A single Master is chosen for the group.

One or more VPN Concentrators can be Backups of the group's Master.

The Master communicates its state to the Backup devices.

If the Master fails to communicate its status, VRRP tries each Backup in order of precedence. The responding Backup assumes the role of Master.

New Member

Re: PIX 501 can use console port for backup dialup ??

Unfortunately the PIX console port is not capable of doing a dial backup. Would be cool if it could.

To do a dial backup, I can think of two options off the top of my head:

- Replace PIX with a router that has an IOS image with the IPSEC/FW feature set and do your VPN from that (using a serial port/WIC, AUX port or an ISDN WIC for dial backup to the ISP).

- Leave the existing PIX as-is, have the existing internet link go through a router & set up that router with a dial backup (might have to NAT to the internet though...).

207
Views
0
Helpful
2
Replies
CreatePlease to create content