Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
0
Helpful
5
Replies

PIX and OSPF

ali-franks
Level 1
Level 1

‎10-07-2004 12:46 AM - edited ‎02-20-2020 11:40 PM

Hi All,

I'm aware that the PIX does not provide load balancing functionalty at the moment - that's coming in version 7 apparently.

However, my query is this:

Instead of using a failover pair, has anyone implemented the use of two PIX running OSPF in order to load balance outbound traffic? I see no reason why this shouldn't work provided the interfaces on the inside of the PIX's are connected to router/s with different VLSM subnets

Any comments please?

Regards

Ali

0 Helpful
5 Replies 5

lr.moore
Level 1
Level 1

‎10-09-2004 12:59 PM

Agree with you. OSPF should also allow you to have two separate routers out in front of it participating in OSPF, giving the PIX two equal cost routes.. Interesting theory. I shall try that in my lab....

Unfortunately, I only have one PIX to play with, so I can't test your theory of having dual PIX's. The only problem with that scenario is that you have to have a router on the inside that all the clients/users point to for their default gateway...

0 Helpful

lr.moore
Level 1
Level 1

‎10-09-2004 01:46 PM

Well, my experiment worked...two outside routers, both advertising default, two equal cost routes out of the PIX

O*E2 0.0.0.0 0.0.0.0 [110/1] via 10.2.2.1, 0:01:59, outside

[110/1] via 10.2.2.3, 0:01:59, outside

0 Helpful

ali-franks
Level 1
Level 1
In response to lr.moore

‎10-12-2004 04:37 AM

Thanks Leslie, I just needed the sanity check. Thanks also for taking the time to try it in a lab.

Ali

0 Helpful

HENRIQUE REIS
Level 1
Level 1

‎10-30-2004 02:20 PM

I am trying to implement this right now. Running into a few problems. I've been finding that if traffic flows out one pix, then subsequent packets of the same flow exits the other pix it breaks. I'm pretty sure it's because of ASA not allowing a previously built connection from one pix to go out another. This is just theory.

The way I have implemented it so far is by redistributing static (the default route) into ospf. I have a 2651 router in front of the two pixs, and it's routing table shows the two default routes of equal routes.

I've noticed though that the router is just choosing one default gateway and sticking to it for most of the time.

So here comes my current problem: If I try to modify the costs of the default routes to favour one default route over the other, nothing changes as far as the administrative distances on the 2651.

I'm stumped.

0 Helpful

HENRIQUE REIS
Level 1
Level 1
In response to HENRIQUE REIS

‎10-30-2004 02:23 PM

Just adding to this....

After reading some replies, I found my implementation is different so my problem is different..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card