Hi all,

I have 3 x 2621 routers and 2 x 515 PIXes. The setup I am currently running is as follows:

Internet --- Router1 --- PIX1 --- DMZ --- PIX2 --- Router2 --- LAN

Both routers and both PIXes are running full access-lists to protect the inside interface. I have another design in mind, which is:

Internet --- Router1 --- PIX1 --- Router2 --- LAN
                          |
                          |
                       Router3
                          |
                          |
                         DMZ

I prefer this design, in which I can use the other PIX for failover, and I can still run access-lists on both Router2 and Router3. Is the second one a better design? I can't see much point in running 2 PIXes of the same model in the first diagram. I would agree more with having dual firewalls in diagram 1 if the second firewall were a different firewall product. Does anyone have any comment on this?

Thanks.
Christian.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70337&t=70337