I have an issue in that we have a pair of PIXes (version 6.3) and a router plugged into a switch. The firewalls are ours and the router is a customer's. We have static routes on the firewall to the customer's networks off their router; however, if the link from the customer router to the switch fails, I need the route on the firewall to drop off and go via an alternate path (OSPF is configured to do this). The problem I am facing is that because the firewalls plug into a switch, the interfaces remain UP UP even though the next hop (customer router) is no longer valid. If I can get the firewalls to see the route has disappeared and drop the static from the routing table, then my problem will be resolved. Any ideas???
Re: Pix failover issue with static routes and OSPF
I have had problems running OSPF on anything other than the inside with 6.3(x) PIX code. But you could try this.
Use a L3 switch running OSPF. On the L3 switch create a static route for the customer that points to the interface they are connected to (will need to be a L3 interface rather than a L2 interface) and redistribute that route into OSPF.
Run OSPF on the PIX interface that connects to the switch and peer with the L3 switch. When the router goes down the switch will remove the customer route from the routing table.
You can do this x2 with the backup route advertised at a higher metric so it will only enter the routing table when the primary route goes down.
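The design suggested in the reply above, sketched as configuration. This is an added example, not part of the original posts; the addresses, interface names, OSPF process ID and metric values are constructed assumptions.

```cisco
! --- L3 switch (IOS), primary path ---
! Routed (L3) port facing the customer router: when this link drops,
! the interface goes down and the static route below is withdrawn.
interface GigabitEthernet0/1
 description Link to customer router (constructed)
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
! Segment shared with the PIX pair (constructed addressing)
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
! Static route to the customer network, tied to the routed interface
ip route 198.51.100.0 255.255.255.0 GigabitEthernet0/1 192.0.2.2
!
router ospf 1
 network 10.10.10.0 0.0.0.255 area 0
 ! Advertise the static into OSPF only while it is in the routing table
 redistribute static subnets metric 20
!
! --- Backup path (second L3 device), same pattern, worse metric ---
! router ospf 1
!  redistribute static subnets metric 200
!
! --- PIX 6.3: OSPF on the interface facing the switch ---
! The static route to 198.51.100.0/24 is removed from the PIX so the
! OSPF-learned route is the only one; PIX takes a netmask, not a wildcard.
router ospf 1
 network 10.10.10.0 255.255.255.0 area 0
```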
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: