Tunnel i/f with PIX 6.3

[sghezzi]

Hello,

we have PIX 6.3 and we would like to use it for VPN only with double IP address on the external i/f, to connect with remote sites through two ISPs.

I think this should be possible with 6.3 because of VLANs, but I was wondering if it is also possible to have dinamyc routing between these two different paths (ISPs).
On router this is accomplished via OSPF, GRE protocol and Tunnel i/f.

Is this also possible with PIX 6.3?

If it is not possible, does it make sense to use two different i/f on PIX, give hem the same security level and then use OSPF between them?

Thanks
Silvia

 

[dopehead]

Only problem with using VLAN on the outside is, that it is dot1q trunking, so the port must go to one router/layer3 switch in order to use 2 different ips on the outside segment, which will create a single point of failure. Not a problem, just a consideration.

You could use two different interfaces, if you only wan't GRE with OSPF in it to go through, you don't even need routing on the outside, you just need to terminate the VPN on two different adresses in the other end, and then only route the peer through the two different interfaces.

Jan