Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PIX failover without using HSRP

from [steve ruben] Network Security [Permanent Link]
Subject: PIX failover without using HSRP
Date: Wed, 22 Sep 2004 17:52:39 -0700 (PDT) 

Hi,

 

I need to know if it is possible to use PIX firewalls with failover capability 
directly connecting to ISP routers. 

 

We do not have our own edge routers  This means there is no HSRP availability 
for PIX to route all outside traffic to one single address.

 

Here are the IP addresses:

 

PIX - Active outside: 192.168.50.1

ISP Edge router 1: 192.168.50.2

PIX  Active inside: 10.10.0.1

 

PIX  Standby outside: 192.168.60.1

ISP Edge router 2: 192.168.60.2

PIX  Standby inside: 10.10.0.2

 

Can I use OSPF routing to make failover work?

 

What will happen when failover occurs? Will the PIX  Standby outside IP 
address (192.168.60.1) gets overwritten as 192.168.50.1?

 

Can I omit the failover IP address outside command to prevent this?

 

Please let me know if anybody has implemented this kind of solution. Any links 
or tips will be very helpful. 

 

Thanks,

Steve

 


                
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IPTables Spoof Protection, Robert Hajime Lanning
Next by Date:  RE: AD in DMZ, Sergey V. Gordeychik
Previous by Thread:  Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products, Mike Sues
Next by Thread:  RE: PIX failover without using HSRP, James Williams
Indexes:  [Date] [Thread] [Top] [All Lists]