Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
6
Replies

Load balancing across two Pixes 525

Go to solution
miloskv
Level 1
Level 1

‎03-13-2006 02:29 AM - edited ‎02-21-2020 12:46 AM

I'm creating network solution that will have two Pix 525 firewalls connected to two different ISPs. For performance reasons i would like that my clients connect to Internet through both firewalls in round robin fashion. What are my possibilities?

I want to create something like Gateway load balancing protocol (GLBP) on 2800 series of router. I don't know and can't find out if Pix supports GLBP. If not, are any similiar solution supported?

Thanks for any answer.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aashish.c
Level 4
Level 4
In response to miloskv

‎03-13-2006 03:23 AM

Hi Milos,

I have another solution for you for 2 ISP requirement, that is OER (Optimized Edge Routing). Here is the link which will show you the multiple scenarios and its functionality.

http://www.cisco.com/en/US/products/ps6599/products_data_sheet0900aecd801dfcec.html

If you find it good then you may run your firewalls in failover mode, behind the OER master router for security purposes, but not for any routing purpose.

2nd solution could be PBR with the Multiple Tracking Options :

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml

In 2nd solution also, you may use PIX behind the router for regular security purposes with security policies.

3rd solution : You may use 2 routers 2800 and terminate ISP links on both of them and run GLBP between them.

here is the PIX load balancing g. Load balancing is supported in PIX from 7.0 onwards only :

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008054c4b7.html#wp1102712

regards

aashish C

View solution in original post

0 Helpful
6 Replies 6

Go to solution
aashish.c
Level 4
Level 4

‎03-13-2006 02:50 AM

Hi

PIX doesnt support GLBP. the solution for your requirement is :

1) Run both the PIX boxes in load-balancing mode.

2) Terminate both the ISPs on 2800 router and it will be the front end.

3) connect both the PIX box`s outside interface to 2800 LAN ports.

4) On 2800, configure the PBR along with NAT for 2 ISPs.

A route map allows the user to match any combination of ACLs, next-hop IP addresses, and output interfaces to determine which NAT pool to use.

Kindly update me for further clarification.

regards

aashish C

0 Helpful

Go to solution
miloskv
Level 1
Level 1
In response to aashish.c

‎03-13-2006 02:59 AM

Ok, thanks for the suggestion.

One more question...

what do You think to terminate two ISPs onto two 2800 ?

I can start GLBP on routers. Will my PIX support load balancing now?

I've never worked with pix load balancing. Do You have any pdf or site on which i can explore more?

(please not only cisco.com, 'couse it is very heavy to find exactly what you want :))

Thanks for any comments

regards

Milos

0 Helpful

Go to solution
aashish.c
Level 4
Level 4
In response to miloskv

‎03-13-2006 03:23 AM

Hi Milos,

I have another solution for you for 2 ISP requirement, that is OER (Optimized Edge Routing). Here is the link which will show you the multiple scenarios and its functionality.

http://www.cisco.com/en/US/products/ps6599/products_data_sheet0900aecd801dfcec.html

If you find it good then you may run your firewalls in failover mode, behind the OER master router for security purposes, but not for any routing purpose.

2nd solution could be PBR with the Multiple Tracking Options :

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml

In 2nd solution also, you may use PIX behind the router for regular security purposes with security policies.

3rd solution : You may use 2 routers 2800 and terminate ISP links on both of them and run GLBP between them.

here is the PIX load balancing g. Load balancing is supported in PIX from 7.0 onwards only :

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008054c4b7.html#wp1102712

regards

aashish C

0 Helpful

Go to solution
miloskv
Level 1
Level 1
In response to aashish.c

‎03-13-2006 03:43 AM

I know that I ask too much but only this one and that's it. Could I use ASA 5520 istead of Pix 525? I mean are those documentations and suggestions right for ASA5520? Same story, different device :)

0 Helpful

Go to solution
arumugasamy
Level 1
Level 1
In response to miloskv

‎03-24-2006 01:31 AM

Mr.Miloskv,

ASA 5520 is the best selection in place of pix because 5520 supports active/active load balancing and nultiple default routes to the next hop.

Thanks

0 Helpful

Go to solution
jcockburn
Level 1
Level 1
In response to arumugasamy

‎03-24-2006 04:55 AM

Hi All,

Remember that active/active supports asymetrical load balancing

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card