Dual PIX 525 with 6.3, Please help!!!

jolo07310
Level 5

Originally, we have both PIX 525 (inside interface) connected to the left side 6509. We have TWO 6509s; those 2 PIXs connect to the left side 6509 with MSFC configured.

Now, I am going to configure right side 6509 MSFC with HSRP to right side.

Obviously, I will move one of the PIXs to the right side 6509 for redundancy.

How do I configure the MSFC 6509 to route all traffic to the internet through the PIX? I mean, I don't know much about PIX. I think the PIX is running RIP.

That's the configuration at right side MSFC. We use EIGRP for internal, and as you see, we just redistribute EIGRP to RIP. Am I OK to just do the same thing at the right side MSFC?

router eigrp 100
 network 10.0.0.0 0.0.1.255
 network 10.0.2.0 0.0.1.255
 no auto-summary
 no eigrp log-neighbor-changes
!
router rip
 version 2
 redistribute eigrp 100 metric 2
 network 10.0.0.0
 default-metric 2
 no auto-summary

Thanks

2 Replies

pcomeaux
Cisco Employee

Hey there -

Do you have a dedicated Vlan for the link between the Pix and the MSFC core?

If not, I would start there.

Then I would ask, do you really want to run RIP between the Pix and the Core? The pix will only ever tell you about the default route 0.0.0.0. If the Pix performs failover, the IP address of the Primary is assumed by the Secondary, so using a static on the Core instead of RIP is quite valid. This helps you with outbound traffic from your network.

Finally, let's consider the traffic inbound to your network from the Pix. If you use a static route on the Pix pointing to the HSRP address of the Core MSFCs (remember the dedicated vlan for the Pix to Core connection), you will definitely remove your need for RIP.

Let me know what you think and we can discuss this further.

thanks

peter
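
The design described in the reply above, sketched as configuration. This is an added example, not part of either poster's message or their running configuration; the VLAN number, the 192.0.2.0/29 transit subnet, every address in it and the HSRP group number are constructed placeholders. The inside prefix 10.0.0.0/22 is the summary of the two EIGRP networks shown in the question.

```text
! --- Left 6509 MSFC (constructed values) ---
! Dedicated transit VLAN carrying only the PIX inside interfaces and the two MSFCs.
! It must be trunked between both 6509s so HSRP hellos and PIX failover traffic pass.
interface Vlan900
 description Transit to PIX inside
 ip address 192.0.2.2 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
!
! Outbound: static default to the PIX inside address. On failover the secondary
! takes over this address, so the next hop does not change.
ip route 0.0.0.0 0.0.0.0 192.0.2.4
!
! --- Right 6509 MSFC (constructed values) ---
interface Vlan900
 description Transit to PIX inside
 ip address 192.0.2.3 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 preempt
!
ip route 0.0.0.0 0.0.0.0 192.0.2.4
!
! --- PIX 6.3 (both units share one configuration under failover) ---
! Inbound: static route for the inside networks via the HSRP virtual address,
! so whichever MSFC is HSRP-active receives the traffic.
! Syntax: route <if_name> <network> <mask> <gateway> <metric>
route inside 10.0.0.0 255.255.252.0 192.0.2.1 1
```

With both statics in place, neither side learns anything from RIP that it still needs, which is the point made in the reply.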

Hi Peter

Thanks for reply first.

We do not have dedicated Vlan for link between Pix and the MSFC core.

PIX IP address is one of the management VLAN IP addresses. Honestly, I do have much right to change what or how to configure in PIX. I'm pretty sure they are running RIP with version 6.3.

So what you say is that:

Even PIX is running RIP, I can just use "ip route 0.0.0.0 0.0.0.0 10.0.0.254" on the left 6509, then I use "ip route 0.0.0.0 0.0.0.0 10.0.0.254 10" on the right 6509. AM I Right??

In the meantime, PIX can still run RIP??

We will upgrade PIX to 7.0 or run OSPF instead of RIP or use dedicated VLAN in the future. But not now.

So what's your suggestion??

Thanks

Ken
