Re: PIX 501 can use console port for backup dialup ??

magitpartner · ‎01-19-2006

Hi,

Need to give a remote client with PIX 501-BUN K9 some fault protection, I want to know if is possible to connect an external modem to the console port and dial-UP to an ISP for VPN backup.

mchin345 · ‎01-24-2006

The Virtual Router Redundancy Protocol (VRRP) eliminates the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router (a VPN 3000 Series Concentrator cluster) to one of the VPN Concentrators on a LAN. The VRRP VPN Concentrator that controls the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to those IP addresses. When the Master becomes unavailable, a backup VPN Concentrator takes the place of the Master.

VPN concentrator working with VRRP

Redundant VPN Concentrators are identified by group.

A single Master is chosen for the group.

One or more VPN Concentrators can be Backups of the group's Master.

The Master communicates its state to the Backup devices.

If the Master fails to communicate its status, VRRP tries each Backup in order of precedence. The responding Backup assumes the role of Master.

rcmichaelson · ‎01-25-2006

Unfortunately the PIX console port is not capable of doing a dial backup. Would be cool if it could.

To do a dial backup, I can think of two options off the top of my head:

- Replace PIX with a router that has an IOS image with the IPSEC/FW feature set and do your VPN from that (using a serial port/WIC, AUX port or an ISDN WIC for dial backup to the ISP).

- Leave the existing PIX as-is, have the existing internet link go through a router & set up that router with a dial backup (might have to NAT to the internet though...).