  • Status: Solved
  • Priority: Medium
  • Security: Public

Poor man's PIX fail over

I have two PIX 515Es connected to separate DSL circuits out to the Internet. PIX A is all outbound traffic (web browsing, etc.) and PIX B is for inbound traffic (email and Internet web server). Is there a reasonably simple way to have PIX A route outbound traffic to PIX B in the event that PIX A's connection is down?


zvolts
Asked:
1 Solution
 
lrmoore Commented:
Absolutely not. Sorry, but this is a design feature of the PIX.
PIX absolutely will not redirect traffic back out the interface it came in on.
However, you could put in a "router on a stick", enable OSPF routing on the PIXes to dynamically tell the router which one has a route out, and point all internal systems to this router as their default gateway. Not very elegant, primarily because the PIX and OSPF route changes depend on the interface dropping, which probably won't happen between the PIX and the DSL modem.
 
zvolts (Author) Commented:
"PIX absolutely will not redirect traffic back out the interface it came in on."

I see. Another question then. PIX A has a 3rd (DMZ) NIC that I'm not using. Could I push packets out that interface to PIX B if the connection was down?




 
lrmoore Commented:
Theoretically, yes, but I assume that both PIXes' inside interfaces are in the same subnet?
You would have to have a different subnet between the two PIXes than the inside of your primary PIX.
Pretty much the same concept as a DMZ.
You would still have to manually change the default route and double-nat outgoing traffic, which is actually OK...
 
zvolts (Author) Commented:
Yes, both PIXes' inside interfaces are on the same subnet. So, it sounds like that option is more trouble than it's worth. I think I'll check out the "router on a stick" option.

Thanks for your help.
