Solved: Managing Routers running IOS Firewall

Jim Blake · ‎03-21-2014

I have to create a lab network that is firewalled off from the main production network. I'm thinking of connecting it via routers running firewall IOS (Reasons for not using ASA's? Expected low throughput, demanded low cost, the usual suspects).

I'd like to have two routers running active/passive. Questions:

1) can I run two IOS firewalls in Active/passive

2) is there a way of managing them other than manually replicating the config changes from one to another every time I make a config change?

All comments/help appreciated (even if the comments are "Don't be so stupid :) )

Thanks,

Jim

Rudy Sanjoko · ‎03-21-2014

At first I would say that it is not possible with IOS firewall, but after Googling it a bit it seems that it's possible to have A/S with IOS firewall.

Here are couple useful links that I am sure you will love:

Cisco IOS Stateful Failover - this is for general routers running 12.4T

IOS Classic Firewall - this is for 3800 platform.

You can find the requirements and the restrictions on above links. Regarding your second question, unfortunately it is one of the restriction. It doesn't support configuration synchronization.

View solution in original post

Rudy Sanjoko · ‎03-21-2014

At first I would say that it is not possible with IOS firewall, but after Googling it a bit it seems that it's possible to have A/S with IOS firewall.

Here are couple useful links that I am sure you will love:

Cisco IOS Stateful Failover - this is for general routers running 12.4T

IOS Classic Firewall - this is for 3800 platform.

You can find the requirements and the restrictions on above links. Regarding your second question, unfortunately it is one of the restriction. It doesn't support configuration synchronization.

Jim Blake · ‎03-21-2014

Thanks Rudy, thats the exact info I was looking for!

Best regards

Jim