04-20-2005 08:08 AM - edited 02-21-2020 12:05 AM
Originally, we have both (inside interface) PIX 525 connect to left side 6509. We have TWO 6509, those 2 PIX connec to left side 6509 with MSFC configured.
Now, I am going to configure right side 6509 MSFC with HSRP to right side.
Obviously, I will move one of the PIXs move to right side 6509 for redudancy.
How to configure at MSFC 6509 to route all traffic to internet through PIX? I mean I dont know much about PIX. I think PIX is running RIP.
Thats the configuration at right side MSFC. We use EIGRP for internal, and as you see, We just redistrube EIGRP to RIP. Am I ok, just do the same thing at Right Side MSFC????
router eigrp 100
network 10.0.0.0 0.0.1.255
network 10.0.2.0 0.0.1.255
no auto-summary
no eigrp log-neighbor-changes
!
router rip
version 2
redistribute eigrp 100 metric 2
network 10.0.0.0
default-metric 2
no auto-summary
Thanks
04-20-2005 06:20 PM
Hey there -
Do you have a dedicated Vlan for the link between the Pix and the MSFC core?
If not, I would start there.
Then I would ask, do you really want to run RIP between the Pix and the Core? The pix will only ever tell you about the default route 0.0.0.0. If the Pix performs failover, the IP address of the Primary is assumed by the Secondary, so using a static on the Core instead of RIP is quite valid. This helps you with outbound traffic from your network.
Finally, let's consider the traffic inbound to your network from the Pix. If you use a static route on the Pix pointing to the HSRP address of the Core MSFCs (remember the dedicated vlan for the Pix to Core connection), you will defintely remove your need for RIP.
Let me know what you think and we can discuss this further.
thanks
peter
04-22-2005 05:23 PM
Hi Peter
Thanks for reply first.
We do not have dedicated Vlan for link between Pix and the MSFC core.
PIX ip address is one of the management vlan ip address. Honestly, I do have much right to change what or how to configure in PIX, I pretty sure they are running rip with 6.3 verison.
So what you say is that:
Even PIX is running RIP, I can just use "ip route 0.0.0.0 0.0.0.0 10.0.0.254" on the left 6509, then I use "ip route 0.0.0.0 0.0.0.0 10.0.0.254 10" on the right 6509. AM I Right??
At the mean time, PIX can still run RIP??
We will upgrade PIX to 7.0 or run OSPF instead of RIP or use dedicated VLAN in the future. But not now.
So whats your suggestion??
Thanks
Ken
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide