I have two PIX 525 firewalls (one with a UR license and the second one with an FO-AA license); the firewalls are running in active/active mode. This set of firewalls is connected to a perimeter router connected to the Internet. My question is: how do I configure the perimeter router to talk to both firewalls at the same time?
I would be very grateful if you could provide me with sample configurations and URLs showing how to configure the perimeter router plus the two PIX in active/active mode.
I already read this doc and it does not cover release 7.0; it is related to Active/Standby mode, not to the active/active mode that I am asking about and how the communication with the perimeter or Internet router will be, plus a sample configuration of the perimeter router to deal with such a scenario.
I'd suggest doing one thing regarding the routing: since the PIX Active-Active setup doesn't assign a shared virtual IP between the interfaces (as HSRP does, for example), you can configure your default route to be through the IP of the first failover group and configure another route with a higher metric number to go through the IP of the other failover group... Here's an example:
Suppose you have 2 failover groups with the outside interface shared between these groups... failover group 1 will be active on the first unit where group 2 will be passive on this unit. Things will be exactly the opposite on the second unit (i.e. group 1 will be passive and group 2 will be active). The active IP of the outside interface on PIX 1 is 192.168.1.1 and it's 192.168.1.2 on PIX 2. Now, configure your default route to be through 192.168.1.1, and do a second route through 192.168.1.2 with a higher metric; this will cause all traffic to go through 192.168.1.1 unless there's a failure on this unit. In case you need to use your PIX to load balance traffic, you can configure half of your hosts to go through one IP and the other half to use the other GW, this also applies if you have different internet links. Hope this helps.
For info on Active-Active configuration, browse to the following link: