New Member

High Availability for Firewalls, DMZ and edge routers

We have two core 6509 switches running HSRP.

We have two firewalls in active/standby roles and want to implement a high availability structure with the core switches, firewalls and edge router.

In order to do this, I believe the inside interface of each firewall should go to each core switch, then have a separate DMZ switch for each firewall, with redundant connections from the servers to each DMZ.

My question involves the Internet edge router and MPLS router.

Is there any way to have the Internet edge router have dual connection to the firewalls, and MPLS router?

How is this normally done?

2 REPLIES
New Member

Re: High Availability for Firewalls, DMZ and edge routers

Attach your MPLS router with one Ethernet interface to each of your cores in a point-to-point manner, and run a routing protocol like EIGRP or OSPF. The routing protocol will determine if there is a failure and route around the failed link.

You can do something similar on your Internet edge if your PIXes have the memory to run 7.0 (I think the 515Es can). 7.0 introduces OSPF, and you could run that to create a similar configuration on your external network.

You could also use a switch module in your 2800. I believe the part number is HWIC-4ESW for a 4-port module that will sit in an HWIC slot. However, I think you'll find that using the routing protocols will scale better.

New Member

Re: High Availability for Firewalls, DMZ and edge routers

Thanks for the reply.

We have OSPF on the firewalls (soon to be ASAs), but I'm not sure what you mean about attaching in a point-to-point manner.

Each interface will have to be in a different subnet, correct?

Can you give an example of what you are talking about?
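
The point-to-point attachment described in the first reply, sketched as an IOS configuration. This is an added example, not part of the original thread: the interface names, addresses, OSPF process ID and area are constructed, and the authentication key is a placeholder.

```cisco
! --- MPLS router: one routed link per core, each in its own /30 ---
interface GigabitEthernet0/0
 description Routed link to core switch 1
 ip address 10.255.0.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
interface GigabitEthernet0/1
 description Routed link to core switch 2
 ip address 10.255.0.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
router ospf 1
 ! Form adjacencies only on the two core-facing links
 passive-interface default
 no passive-interface GigabitEthernet0/0
 no passive-interface GigabitEthernet0/1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.255.0.4 0.0.0.3 area 0
!
! --- Core switch 1 (6509): routed port facing the MPLS router ---
interface GigabitEthernet1/1
 description Routed link to MPLS router
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
!
! --- Core switch 2 (6509): same pattern, second /30 ---
interface GigabitEthernet1/1
 description Routed link to MPLS router
 no switchport
 ip address 10.255.0.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
router ospf 1
 network 10.255.0.4 0.0.0.3 area 0
```

With both links up, `show ip ospf neighbor` on the MPLS router should list one adjacency per core; if either link or core fails, OSPF withdraws the routes learned over it and traffic follows the remaining link.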
