Re: Two Pix with internal Rip

npservice · ‎03-21-2005

Hi, i have first Pix 515 connected with external interface to First Provider (8 public ip address) and with internal interface to my Lan.

Second Pix 506 is connected with external interface to Second Provider (8 public ip address) and with internal interface to my Lan.

A Router 1720 is default gateway of my Lan.

I want configure Rip in Pix 515,Pix 506 and Router 1720 for internet access Failover.

I need to use Pix 515 as Primary internet access and Pix 506 as Secondary internet Access.

If Pix 515 go down (or power off it) does Rip switch to Pix 506 or not?

Rip configuration in Pix:Default or Passive?

Do you recommend to use static routing instead dynamic routing?Thanks

jboyer · ‎03-21-2005

There are some fundamental problems with your design.

1. The pix are both on the same lan segment as your router. Every client will get an ICMP redirect to Pix1 and add that route to their local routing table. If you failover to Pix2 the clients will not find it until they reboot.

2. If you are hosting any internet services, they will not failover.

If you just need to failover outbound internet access then you could get by with a router with 3 ethernet ints. 1-Lan, 2-fw1, 3-fw2. And make the clients route through the router to get to the Pix.

npservice · ‎03-30-2005

For Hosting service i will provide to two different Server with the same service and the same Dns record but different ip address (and different provider).

Thanks for your suggestion!