04-08-2014 03:00 PM - edited 03-11-2019 09:03 PM
Hi Experts,
In my topology I have a PIX 525e and an ASA 5520 in a parallel connection. I want to implement redundancy between these two firewalls.
My question is: "Is it possible to implement the OpenBSD CARP protocol on a PIX/ASA firewall?" If so, please guide me with your ideas.
Initially I'm planning to implement it in GNS3, and if it works fine then I'll do it on the real machines. Please help me if there are any other possibilities for redundancy between these two different firewalls.
Thanks,
Sridhar
04-09-2014 08:35 AM
I don't think you will be able to do this. You can do ASA failover between two firewalls with identical hardware and firmware, but they don't support CARP and you won't be able to do Cisco failover between a Pix and an ASA.
-- Jim Leinweber
04-09-2014 10:44 AM
04-09-2014 12:31 PM
Unfortunately, no. You can do zero-downtime upgrades of failover pairs, but the Pix and ASA hardware and firmware are too far apart for that. In your diagram there might be ways to replace Pix5 by routing traffic over ASA4, but I don't think anything can be done about Pix6.
I'm lucky enough to work for an organization which can tolerate short outages outside of production hours, so it hasn't been an issue for me.
-- Jim Leinweber, WI State Lab of Hygiene