PIX 515E-restricted, are multiple 'outside' ports possible
We currently have 2 firewalls at our site, each w/ there own public IP. One is a SonicWall (used for VPNs for a specific department as required by a 3rd party) and the other is a Cisco PIX 515E - restricted (used for other VPN connections and all other Internet traffic). I'm looking at installing another Internet line from a different ISP as a backup. The SonicWall allows a 2nd WAN port for failover, but I'm not sure about the PIX 515E. It appears that I can install another ethernet interface, but can it be used for a WAN (2nd 'outside') interface? Or only for a DMZ interface? If I can't used this other ethernet interface, can I set another default route that could send traffic to the SonicWall if and only if the current outside interface (ISP) was down? My preference would be to to utilize the SonicWall as I currently only allow some VPN traffic through that firewall. Any other options available using my PIX firewall?
Re: PIX 515E-restricted, are multiple 'outside' ports possible
Yes, you can have multiple outside ISP interfaces but the problem is that there is no way how the PIX would detect that the first ISP link is down if the link is not physicly down. For example if the ISP has troubles a few hops away.
But you could alway change manually the default route , or shut down the fist interface so that the second route would be used or use the BGP routing protocol with your ISP.
Last way is to purchase a Link Controller (Loadbalancer) that is able to do that directly insted of doing this on the Firewalls.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :