Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
1
Replies

DUAL VPN PATH SUPPORT ON PIX

c-rai
Level 1
Level 1

‎07-31-2003 02:15 AM - edited ‎02-21-2020 12:42 PM

Dear All,

I have a Internet gateway router with internet uplink from two ISPs. Behind the Internet Gw router, I have PIX 515e ver 6.3 firewall.

My remote peers are also connected to internet. I want to terminate VPN tunnel on PIX firewall with site to site vpn configuration

The objective is to provide HA such that if one ISP link goes down, my traffic should pass through other ISP link. How do I do this on PIX so that if one tunnel configured through ISP A tears down, data should take alternate path from second tunnel configured through ISP B.

Is this possibly on PIX. Do I have to use two interface to connect to Internet gateway and configure VPN tunnel on each ???

Pl. help

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎08-04-2003 10:33 PM

You can't really do this on the PIX, since the PIX only has one default route pointing to the Internet gateway router.

The best way to do this is get a routable /30 subnet (2 hosts) for the connection between the PIX and the Internet router, then have the router advertise this subnet out to both ISP's. Point your remote peers to the PIX routable outside address, the traffic will be routed over one ISP and if that one goes down BGP should re-route everything to the other ISP. The PIX doesn't need to know anything about the external routing.

0 Helpful
Customers Also Viewed These Support Documents