Hi all
I have 3 x 2621 routers and 2 x 515 PIXes. The setup I am currently running
is as follows:
Internet --- Router1 --- PIX1 --- DMZ --- PIX2 --- Router2 --- LAN
Both routers and both PIXes are running full access-lists to protect
the inside interface.
I have another design in mind which is:
Internet --- Router1 --- PIX1 --- Router2 --- LAN
                           |
                           |
                        Router3
                           |
                           |
                          DMZ
I prefer this design, in which I can use the other PIX for failover and
still run access-lists on both Router2 and Router3.
Is the second one a better design? I can't see much point in running 2 PIXes
of the same model as in the first diagram. I would agree more with having dual
firewalls in diagram 1 if the second firewall were a different firewall product.
Does anyone have any comment on this?
Thanks.
Christian.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70337&t=70337