A diagram would help. I'm visualizing the remote site as having one Internet
connection. The gateway router's inside interface connects to a hub/switch.
The outside interfaces of the two 506s connect to this hub/switch. The
inside interfaces of the 506s connect to a second (common) hub/switch which
is the LAN. So the two 506s are in parallel. True?

I repeat the mantra of this list. "What is the problem that you are trying
to solve?" What is the perceived problem? What is the supposed solution?
Does the solution really fix the problem?

Can you be more clear about how "redundancy" will be provided? Is the
customer concerned about a PIX failing? Does he need both 506s working at
the same time?
 
If not, one could be on line with the other as a cold spare (either
installed or on the shelf.) Imagine the joy of keeping those configs in
sync!!
 
If so, then I'm guessing that the 506s are in parallel. Then each requires
its own outside address - which is different from a standard failover
scenario. Can you create a VPN from HQ to each 506 - with one preferred?

> -----Original Message-----
> From: Edward Sohn [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 10:14 AM
> To: [EMAIL PROTECTED]
> Subject: for PIX VPN gurus... [7:58448]
> 
> 
> I have a requirement in which a single Headquarters PIX needs to VPN
> over the internet to a single remote site which has two separate PIXes
> (connected to the same site LAN).  The goal is to introduce redundancy
> into the VPN connection to the remote site.  Unfortunately, it has to be
> like this due to the company's hardware limitations.
> 
> This is not a "classic" PIX failover configuration via the serial method
> (515, 525, 535), but two separate PIX 506's connected separately to the
> same LAN.
> 
> I can't find anywhere on CCO whether this config is supported, and the
> TAC engineer is also clueless (he even said that he doesn't have a way
> to LAB it up--can you believe that?  This is Cisco we're talking about
> here).
> 
> Anyway, anybody ever done something like this?  Will this work?  Can
> somebody test this?
> 
> Thanks,
> 
> Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58461&t=58448