Re: Failover routes on a PIX

jhaggett · ‎02-03-2005

Have a question about routing with a PIX. I have 4 branches with all PIX 515E's. This is in full mesh VPN topology. My question is, can I add a failover route through another branch if one link fails? I'm curious if i'm going to have to enable OSPF for this or not. Any help is appreciated.

dbellaze · ‎02-03-2005

I think that failover would work by using OSPF or by doing static routes w/higher metric's.

But since you are doing backup routing over VPN connections I think that the back up route network/s would have to be included in your crypto access-lists for each VPN that will back up the route.

Does that make sense.

Daniel

dbellaze · ‎02-03-2005

Sorry actually you cannot do this right now. You can't redirect traffic on the same interface.

I think this is a limitation that the 7.0 release will no longer have which is due for release in the next few months.

Daniel

jackko · ‎02-03-2005

totally agree with daniel.

the required backup scenario is not going to work, due to the limitation of the current pix os. (i.e. pix does NOT redirect traffic on the same interface)

sachinraja · ‎02-03-2005

hello

its better you enable ospf for your setup.. dynamic routing is the only solution as of now, if you think of backup solutions.. on a pix you cannot add higher metric routes..

so, enable ospf and make ur life easier.. assign costs and you can manipulate ur routes...

hope this helps.. all the best..

Raj