  • Status: Solved

Cisco PIX 515 and 2960 redundant

Hi All,

I want my Cisco PIX 515e to work as a failover firewall and want to connect them with two switches to provide redundancy. Please see my configuration below:
 Picture-1
Can someone assist me with the configuration? I have got some idea but I need the foolproof solution.

Thanks.
0
Prashant0906
nodisco Commented:
To configure the PIXs you will need the required licensing on the firewalls first (Unrestricted/failover).

There are 2 options for failover config, cable based and LAN based. Have a look at this URL for configuration details:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#conf

Just an FYI in case - you can't load balance over PIX firewalls - they only work as a 1 active, 1 standby.

hth
0
 
Prashant0906 (Author) Commented:
Thanks for your solution. I am more concerned about Cisco 2960 failover. Have no idea how that works. Can you please help?
0
 
nodisco Commented:
What do you want to put in a solution - HSRP?
0
 
Prashant0906 (Author) Commented:
Thanks for the reply and sorry for delays at my end. Yes, I want to use HSRP.
0
 
nodisco Commented:
Configuring HSRP is simple enough. Essentially you will have 2 hard coded gateway addresses that share the same virtual IP address. You stipulate which is the primary device and it acts accordingly until it goes down, in which case the secondary device takes over as the gateway.

I am not sure it's supported on 2960 switches though - have a look at this link for the commands and more detail:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

Just something to mention too - you are teaming 2 NICs in the example above. Note that in an HSRP example, it provides redundancy - not load balancing. You may want to look at GLBP instead. As your server connects to both switches individually, only 1 network card will actually function at a time. The 2960s would need to connect to each other also, if you want to use both network cards to talk to the same virtual gateway for HSRP.
0
 
Prashant0906 (Author) Commented:
Thanks for the solution. I think I am almost there. Now the question arises that I will be connecting one Cisco firewall to two switches. In case a switch fails then the firewall should still be able to forward the traffic using its second adapter connected to the other switch. How can this be achieved? Can I do failover on the network port on the PIX 515e firewall?
0
 
nodisco Commented:
You can't actually connect the PIX to 2 switches as the PIX can only have 1 default gateway for outbound.

In terms of failover though this shouldn't be a problem.

e.g.

switch 1 connects to pix 1
switch 2 connects to pix 2
pix 1 is primary.
If switch 1 fails, then the port on pix 1 that connects to switch 1 goes into fail state and pix 1 fails over so that pix 2 is now the primary. Traffic then flows from pix 2 and switch 2.
0
 
Prashant0906 (Author) Commented:
Thanks
0
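A LAN-based failover configuration matching the layout nodisco describes (pix 1 on switch 1, pix 2 on switch 2, failover triggered when a monitored interface loses its switch), as an added example that is not part of the original thread. It assumes PIX software 7.x or later on both 515E units; the interface assignments, the link name `folink`, all IP addresses and the key placeholder are constructed for illustration.

```cisco
! ---- Primary unit (pix 1, cabled to switch 1) ----
interface Ethernet0
 nameif outside
 security-level 0
 ! Active address first, then the address the standby unit answers on
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 no shutdown
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
 no shutdown
! Dedicated failover link (assumed on Ethernet2); no nameif is set on it
interface Ethernet2
 no shutdown
!
failover lan unit primary
failover lan interface folink Ethernet2
failover lan enable
! Shared secret authenticates and encrypts failover traffic between the units.
! Placeholder value: use the same strong secret on both firewalls.
failover key <shared-secret>
failover interface ip folink 10.0.0.1 255.255.255.0 standby 10.0.0.2
!
! Health-check the data interfaces; if switch 1 dies, inside goes to
! failed state and the standby unit takes over the active addresses
monitor-interface inside
monitor-interface outside
failover
!
! ---- Secondary unit (pix 2, cabled to switch 2) ----
! Only the failover bootstrap is entered here; the rest of the
! configuration is replicated from the primary once the units sync.
interface Ethernet2
 no shutdown
failover lan unit secondary
failover lan interface folink Ethernet2
failover lan enable
failover key <shared-secret>
failover interface ip folink 10.0.0.1 255.255.255.0 standby 10.0.0.2
failover
```

Run `show failover` on either unit to confirm which one is active and that the monitored interfaces report as normal. The two switches must carry the inside and outside VLANs between them so the units can exchange interface hellos and hosts on either switch can reach whichever PIX is active.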
