This is regarding PIX failover and HSRP put together to have 100% redundancy. Device connectivity is like this: two routers having serial links to separate ISPs (R1 and R2). Ethernet ports of these routers are connected to two separate switches (outside-sw1 and outside-sw2). Two PIX firewalls are connected in stateful failover mode. The outside interfaces (pix1-outside and pix2-outside) of these PIX will be connected to the previously mentioned switches (outside-sw1 and outside-sw2). Similarly, the inside interfaces (pix1-inside and pix2-inside) of these PIX will be connected to two separate switches (inside-sw1 and inside-sw2).
In a nutshell:
R1-eth0 - outside-sw1
PIX1-outside - outside-sw1
R2-eth0 - outside-sw2
PIX2-outside - outside-sw2
PIX1-inside - inside-sw1
PIX1 to PIX2: failover cable and LAN cable
inside-sw1 to inside-sw2: cross cable / trunk
outside-sw1 to outside-sw2: cross cable / trunk
So it is a chain of devices running in parallel, giving redundancy up to each device level.
Is it possible to configure HSRP with these routers and switches, and failover with PIX?
Any link about integration of these devices will be appreciated.
If you are using BGP and are multihomed with a primary and a backup link, don't use HSRP. Peer with the two ISPs with eBGP and peer your edge routers with iBGP. Between the edge routers and the PIX, run OSPF. The two edge routers should send only a default route to the PIX. Use a route-map on the 2 routers to get them to only send default if they have the best outside route.
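The design in the reply above, sketched as an IOS configuration for one edge router. This is an added example, not configuration posted by anyone in the thread. All addresses, AS numbers, ACL numbers and route-map names are constructed, and it assumes each ISP advertises a default route over eBGP.

```cisco
! Edge router R1. Constructed values (assumptions, not from the thread):
!   local AS 64512, ISP1 peer 192.0.2.1 in AS 64500,
!   R2 reachable at 198.51.100.2 on the outside segment 198.51.100.0/24,
!   which is shared with the PIX outside interfaces.
!
router bgp 64512
 ! eBGP to this router's own ISP
 neighbor 192.0.2.1 remote-as 64500
 ! iBGP to the other edge router; next-hop-self makes routes learned
 ! through R2 show R2 as next hop instead of R2's ISP peer
 neighbor 198.51.100.2 remote-as 64512
 neighbor 198.51.100.2 next-hop-self
!
! Matches the default route only
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Matches the next hop of R1's own ISP peer
access-list 10 permit host 192.0.2.1
!
! True only while R1's best default route points directly at ISP1.
! If the ISP1 session drops, or BGP prefers the path through R2,
! the next hop changes and the condition fails.
route-map ISP1-DEFAULT-UP permit 10
 match ip address prefix-list DEFAULT-ONLY
 match ip next-hop 10
!
router ospf 1
 ! OSPF runs on the segment facing the PIX outside interfaces
 network 198.51.100.0 0.0.0.255 area 0
 ! Advertise a default to the PIX only while the route-map matches
 default-information originate route-map ISP1-DEFAULT-UP
```

R2 would mirror this with its own ISP peer address in the access list, so the PIX learns a default only from the router that currently holds the best outside route.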
We are in the process of bringing up a secondary router and internet connection (same ISP). I do plan on running BGP between these routers and eBGP between their neighbors. I currently have one PIX 515 (6.3) using static routes. Could you post or email me privately the OSPF configuration? Do you run OSPF between your PIX and inside network? Or only run OSPF between the PIX and internet routers? I am unsure of how to provide different default gateways on the PIX. Thank you.