High Availability for Firewalls, DMZ and edge routers
We have two core 6509 switchs running HSRP.
We have two firewalls in active/standby roles and want to implement a high availablility structure with the core switches, firewalls and edge router.
In order to do this, I believe the inside interface of each firewall should go to each core switch, then have a seperate DMZ switch for each firewall, with redundant connections from the servers to each DMZ.
My question involves the Internet edge router and MPLS router.
Is there any way to have the Internet edge router have dual connection to the firewalls, and MPLS router?
Re: High Availability for Firewalls, DMZ and edge routers
Attach your MPLS router with one ethernet interface to each of your cores in a point-to-point manner, and run a routing protocol like eigrp or ospf. The routing protocol will determine if there is a failure and route around the failed link.
You can do something similar on your Internet edge if your PIX's have the memory to run 7.0 (I think the 515E's can). 7.0 introduces ospf, and you could run that to create a similar configuration on your external network.
You could use also use a switch module in your 2800. I believe the part number is HWIC-4ESW for a 4-port module that will sit in an HWIC slot. However, I think you'll find that using the routing protocols will scale better.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...