Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Proper PIX w/ VLAN design

Current setup has dual pix w/ failover (not lan failover) securing network (172.16.20.0) from customer network (10.10.4.0). They're both terminated into C6509 now.

with this design, i see single point of failure w/ BOTH fw's term'd to the 6509.

as we're moving to a redundant core/dist config, here is proposed design

customer_net----pix1----c65091

customer_net----pix2----c65092

create lan failover on both pix fw's

create/config vlan to both PIX fw's

thanks for any input. additionally, if someone has a visio / pdf showing this layout, it is appreciated.

2 REPLIES
Bronze

Re: Proper PIX w/ VLAN design

Hello,

In order for LAN failover to work, there needs to be connectivity between the firewalls on both sides to work: 65091 and 65092 should have a cable (or trunk) between them, as well as the presumably 2 switches on the customer_net.

--Jason

Please rate this message if it helps solve some/all of your issue.

100
Views
0
Helpful
2
Replies
CreatePlease to create content