Re: Proper PIX w/ VLAN design

tsrader · ‎11-16-2006

Current setup has dual pix w/ failover (not lan failover) securing network (172.16.20.0) from customer network (10.10.4.0). They're both terminated into C6509 now.

with this design, i see single point of failure w/ BOTH fw's term'd to the 6509.

as we're moving to a redundant core/dist config, here is proposed design

customer_net----pix1----c65091

customer_net----pix2----c65092

create lan failover on both pix fw's

create/config vlan to both PIX fw's

thanks for any input. additionally, if someone has a visio / pdf showing this layout, it is appreciated.

b.hsu · ‎11-22-2006

Try these links:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1116060

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/advanced.htm#xtocid8

jgervia_2 · ‎02-06-2007

Hello,

In order for LAN failover to work, there needs to be connectivity between the firewalls on both sides to work: 65091 and 65092 should have a cable (or trunk) between them, as well as the presumably 2 switches on the customer_net.

--Jason

Please rate this message if it helps solve some/all of your issue.