
PIX in Failover mode

I have a PIX with 6 FE ports and VAC. I have bought a FO unit direct from Cisco. I plan on using a Cisco 3560G layer 3 switch for VLANing as well. I have read a lot about setting this up, but still do not understand some of this stuff.

1) Why would it not be wise to connect all of the FE ports from both PIXs to the same layer 3 switch if you are VLANing? Is it a security concern?
2) Do I have to configure a unique IP for each interface on both PIXs? Would the below IP scheme work right?
3) And if I assign these interfaces to these VLANs, how do I get them to communicate with a router in the same rack that is managed by a third party?

***** PUBLIC IPs ARE FAKE*********

PIX-Primary
E0   55.110.213.241 255.255.255.224  (VLAN 55)
E1   10.253.3.249    255.255.255.248   (VLAN 248)
E2    192.168.2.1     255.255.255.0      (VLAN 11)
E3    10.253.3.241   255.255.255.248   (VLAN 240)
E4    unused
E5    unused

PIX-FO
E0   55.110.213.242 255.255.255.224   (VLAN 55)
E1   10.253.3.250     255.255.255.248   (VLAN 248)
E2   192.168.2.2      255.255.255.0       (VLAN 11)
E3   10.253.3.242     255.255.255.248   (VLAN 240)
E4   unused
E5   unused


????????? OR AM I TOTALLY OFFBASE??????????
Asked: Kjohnsting
1 Solution
 
prueconsulting Commented:
1) Typically physical segregation is better than logical, simply due to the potential of a misconfiguration of the switch allowing access between VLANs and/or exploitation of the switch.

2) Your addressing scheme seems correct. And yes, each interface requires its own IP. What will happen is the FO will take the primary address in the event of FO.

3) Routes..

0
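As an added example, not part of the original thread: a Python check of the addressing plan posted in the question, verifying the property that point 2 of the answer depends on, namely that each primary/standby pair shares one subnet and that every interface has its own subnet and VLAN. The tuple layout, the `check_plan` name and the broken counter-example are assumptions made for this illustration.

```python
import ipaddress
from itertools import combinations

# Addressing plan copied from the question: (interface, VLAN, primary, standby, mask).
PLAN = [
    ("E0", 55,  "55.110.213.241", "55.110.213.242", "255.255.255.224"),
    ("E1", 248, "10.253.3.249",   "10.253.3.250",   "255.255.255.248"),
    ("E2", 11,  "192.168.2.1",    "192.168.2.2",    "255.255.255.0"),
    ("E3", 240, "10.253.3.241",   "10.253.3.242",   "255.255.255.248"),
]

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for ifc, vlan, primary, standby, mask in plan:
        # Derive the subnet from the primary address and its mask.
        net = ipaddress.ip_interface(f"{primary}/{mask}").network
        nets[ifc] = (vlan, net)
        if primary == standby:
            problems.append(f"{ifc}: primary and standby share {primary}")
        for role, addr in (("primary", primary), ("standby", standby)):
            ip = ipaddress.ip_address(addr)
            if ip not in net:
                problems.append(f"{ifc}: {role} {addr} is outside {net}")
            elif ip in (net.network_address, net.broadcast_address):
                problems.append(f"{ifc}: {role} {addr} is not a usable host in {net}")
    # Each interface should sit on its own subnet and its own VLAN.
    for (a, (vlan_a, net_a)), (b, (vlan_b, net_b)) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a}/{b}: subnets {net_a} and {net_b} overlap")
        if vlan_a == vlan_b:
            problems.append(f"{a}/{b}: both mapped to VLAN {vlan_a}")
    return problems

# Constructed counter-example: E3's standby is mistyped into E1's /29.
BROKEN = PLAN[:3] + [("E3", 240, "10.253.3.241", "10.253.3.252", "255.255.255.248")]

if __name__ == "__main__":
    for name, plan in (("plan from the question", PLAN), ("constructed typo", BROKEN)):
        print(name, "->", check_plan(plan) or "consistent")
```

The two 10.253.3.x /29 ranges are adjacent, so a one-digit slip in a standby address lands on a different VLAN; the counter-example shows that case being caught.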
