Cisco Support Community

vpn reliability with pix

Looking for a solution for connectivity resilience with a PIX VPN site-to-site main connection. Actually I have only the GRE tunnel between inside routers, dynamic routing and a backup dial connection.

What about RRI in the PIX firewall? Other solutions?

Thank you in advance



Re: vpn reliability with pix

The PIX does not work well as a router, so your redundancy is best handled by real routers. That said, it sounds like you already have dial backup implemented dialing around the Internet. Is there a problem with your current solution or were you describing what you want rather than what you have?

Two of my favorite solutions are documented in the "Redundant Routes in IPSec VPNs" white paper on my web site. But there are many variations on both approaches that can be used to adjust to your specific needs.

For example, if dial backup does not give you enough bandwidth, an easy approach is to use a second, low cost VPN (cable modem or DSL based) using independent firewalls, and giving it a higher routing metric. Just remember to keep an eye on your backup paths so that when they go down, you can get them fixed before you need them for production traffic!

Good luck and have fun!

Vincent C Jones
