Solved

Cisco PIX 515 and 2960 redundant

Posted on 2010-09-22
Last Modified: 2012-05-10
Hi All,

I want my Cisco PIX 515e to work as a failover firewall and want to connect them to two switches to provide redundancy. Please see my configuration below:
 Picture-1
Can someone assist me with the configuration? I have got some idea but I need a foolproof solution.

Thanks.
Question by:Prashant0906
8 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 33740205
To configure the PIXs you will need the required licensing on the firewalls first (Unrestricted/failover)

There are 2 options for failover config, cable-based and LAN-based.  Have a look at this URL for configuration details:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#conf

Just an FYI in case - you can't load balance over PIX firewalls - they only work as a 1 active, 1 standby.

hth
0
 

Author Comment

by:Prashant0906
ID: 33801989
Thanks for your solution. I am more concerned about Cisco 2960 failover. I have no idea how that works. Can you please help?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 33802107
What do you want to put in a solution - HSRP?
0
 

Author Comment

by:Prashant0906
ID: 33885162
Thanks for the reply and sorry for the delays at my end. Yes, I want to use HSRP.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 33888566
Configuring HSRP is simple enough; essentially you will have 2 hard-coded gateway addresses that share the same virtual IP address.  You stipulate which is the primary device and it acts accordingly until it goes down, in which case the secondary device takes over as the gateway.

I am not sure it's supported on 2960 switches though - have a look at this link for the commands and more detail:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

Just something to mention too - you are teaming 2 NICs in the example above.  Note that in an HSRP example, it provides redundancy - not load balancing.  You may want to look at GLBP instead.  As your server connects to both switches individually, only 1 network card will actually function at a time.  The 2960s would need to connect to each other also, if you want to use both network cards to talk to the same virtual gateway for HSRP.
0
 

Author Comment

by:Prashant0906
ID: 34002406
Thanks for the solution. I think I am almost there. Now the question arises that I will be connecting one Cisco firewall to two switches. In case a switch fails, the firewall should still be able to forward the traffic using its second adapter connected to the other switch. How can this be achieved? Can I do failover on the network port on the PIX 515e firewall?
0
 
LVL 19

Accepted Solution

by:
nodisco earned 2000 total points
ID: 34005348
You can't actually connect the PIX to 2 switches as the PIX can only have 1 default gateway for outbound.  

In terms of failover though this shouldn't be a problem.

e.g.

switch 1 connects to pix 1
switch 2 connects to pix 2
pix 1 is primary.
If switch 1 fails, then the port on pix1 that connects to switch 1 goes into fail state and pix 1 fails over so that pix2 is now the primary.  Traffic then flows from pix2 and switch 2.
0
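The behaviour described in the accepted answer, sketched as a LAN-based failover configuration for the primary unit. This is an added example, not part of the thread and not taken from the linked Cisco document; it assumes PIX OS 7.x syntax, and the interface roles, the link name `folink`, the key placeholder and all addresses are constructed.

```cisco
! Constructed example: primary PIX 515E, PIX OS 7.x syntax assumed.
! Assumes both units' inside interfaces sit in the same VLAN/subnet
! (the two 2960s are linked to each other).
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0 standby 203.0.113.2
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
 no shutdown
!
! Dedicated link between the two PIX units; carries failover traffic only.
interface Ethernet2
 no shutdown
!
failover lan unit primary
failover lan interface folink Ethernet2
failover interface ip folink 10.255.255.1 255.255.255.252 standby 10.255.255.2
! Required on PIX hardware to select LAN-based instead of cable-based failover.
failover lan enable
! Without a key, failover traffic (including replicated configuration)
! crosses the link in clear text. Placeholder value, replace before use.
failover key REPLACE_WITH_SHARED_SECRET
!
! Monitor the data interfaces: if the switch behind "inside" dies, the
! interface is marked failed and the standby unit takes over as active.
monitor-interface inside
monitor-interface outside
!
failover
```

The secondary unit gets the same failover link lines with `failover lan unit secondary`, and `show failover` on either unit reports which one is active and the state of each monitored interface.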
 

Author Closing Comment

by:Prashant0906
ID: 34086137
Thanks
0
