My question to the forum is what type of options do I have for backing up my existing IPSEC tunnel devices? For example I have a bunch of PIX 506 firewalls connected via DSL to the Internet. The Hub Site is a Cisco PIX 515 firewall with T1 access. We all know how reliable DSL companies are so I want to back up the DSL with a 1720 dialing up to a local ISP. My question is how will this work in an IPSEC private IP to private IP LAN-to-LAN tunnel scenario? How will the PIX know how to encrypt packets to the remote network through a new tunnel end point destination?
1. The VPNs are between the remote site PIX506s and PIX515, and the routers just provide resilient network connectivity using ISDN backup. This reduce the complexity of the IPSec portion, and provide resilience via standard network means.
2. The site to site VPNs are between the remote site Routers and the Hub PIX515, with the PIX knowing each route by its DSL interface IP and the ISDN interface IP. This begins to complicate the IPSec setup.
3. The VPNs are constructed between the routers instead of the PIXs.
I've assumed that you have total control of PIX + Router for each site and that the router provide xDSL and ISDN connectivity. If your ISP supplies provide xDSL connectivity for you, another router with dual Ethernet and 1 ISDN would be ideal i.e.
I guess what I'm saying is keep the security bits simple, and use the network to provide resilience ;)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...