dual PIX 515 using BGP and HSRP for dual Internet connection

tekt1p5 (MIS, US), Mar 16, 2004


I already have the two BGP connections to 2 ISPs using HSRP working with a single PIX 515. The only thing I’m not sure about is whether I can install a second PIX parallel to the 1st, connected to the same outside switch, and create another independent pipe instead of having the second PIX just sitting there as a failover unit. I also think I can use MHSRP on the outside to control the way traffic exits the network. Has anyone ever encountered such a design?

 
Well, I think you need to ask yourself what you would do with a second pipe. Why use it in an active/active scenario? Your setup is clearly aimed at high uptime, and this would be squashed by not having a failover solution for your PIX.

BTW, of course you can do it by just configuring the PIX with another inside/outside address, but on the inside you would then need to direct the traffic to the right PIX, which might be more work than you would actually like.

Regards
Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
Thanks dopehead for your response. There's something I failed to mention: the second PIX is not actually installed and has a restricted license, which means that I probably cannot use it for automatic failover anyway. I'm really interested in the load balancing and redundancy aspect of this design. The PIXs would be tied to 2 independent 2600s on the inside with MHSRP to handle outbound failover. That would give me a redundant connection to the outside if any of the PIXs or even a 2600 failed. On the inside I was thinking of pointing a couple of servers that generate heavy traffic to the 2nd default gateway. The main concern I had was the possibility of creating routing loops and flooding the network to failure. Does anyone know if this could happen with this setting? Please help.
 
Have you looked into GLBP for the load balancing? Much like HSRP, except the AVG will round-robin the ARP responses of the multiple members' virtual MAC addresses. You can also shape the responses based on hosts, if you prefer, or just point certain devices to the real addresses of the devices as the gateway to bypass the GLBP responses.
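
The GLBP arrangement suggested in the reply above, sketched as an added Cisco IOS configuration example that is not part of the original thread. It assumes the two inside 2600s run an IOS release that supports GLBP; the interface names, 10.x addresses, group number, tracking thresholds and key string are constructed placeholders.

```cisco
! Added example: constructed values, not taken from the thread.
!
! ---------- Inside router A (first 2600, preferred AVG) ----------
! Watch the link toward PIX A so this router stops forwarding if it fails.
track 10 interface FastEthernet0/1 line-protocol
!
interface FastEthernet0/0
 description Inside LAN (assumed interface)
 ip address 10.10.10.2 255.255.255.0
 ! Single virtual gateway address that every inside host uses.
 glbp 1 ip 10.10.10.1
 glbp 1 priority 110
 glbp 1 preempt
 ! AVG hands out the members' virtual MACs in turn in its ARP replies.
 ! Use "host-dependent" instead to pin each host to one forwarder.
 glbp 1 load-balancing round-robin
 ! Authenticate hellos so an unauthorized device cannot join the group.
 glbp 1 authentication md5 key-string EXAMPLE-KEY-CHANGE-ME
 ! Weight drops from 100 to 60 (below 70) when the PIX-facing link is down,
 ! which makes this router give up its forwarder role until it recovers.
 glbp 1 weighting 100 lower 70 upper 90
 glbp 1 weighting track 10 decrement 40
!
! ---------- Inside router B (second 2600, standby AVG) ----------
track 10 interface FastEthernet0/1 line-protocol
!
interface FastEthernet0/0
 description Inside LAN (assumed interface)
 ip address 10.10.10.3 255.255.255.0
 glbp 1 ip 10.10.10.1
 glbp 1 priority 100
 glbp 1 preempt
 glbp 1 load-balancing round-robin
 glbp 1 authentication md5 key-string EXAMPLE-KEY-CHANGE-ME
 glbp 1 weighting 100 lower 70 upper 90
 glbp 1 weighting track 10 decrement 40
```

`show glbp brief` on either router lists the active virtual gateway and the forwarder each virtual MAC is assigned to.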
 