RE: Cisco Pix520 with MS ISA firewall togather

From: Scott Morris (swm@emanon.com)
Date: Sun Apr 10 2005 - 11:39:14 GMT-3

• Next message: CCIE Security: "add to msn security_lab@hotmail.com"
• Previous message: Ian Stong: "RE: ospf dialer-watch///dialer watch-list"
• Maybe in reply to: Muhammad Saleem: "Cisco Pix520 with MS ISA firewall togather"
• Next in thread: Muhammad Saleem: "Re: Cisco Pix520 with MS ISA firewall togather"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Fail over implies there's a conversation between the two devices... There's
nothing that's going to make a PIX and ISA server talk to each other.

If you are dead-set on this type of combination, then your only plausible
alternative is to use a content engine on each side (in and out) in order to
watch connections going to and coming from one of the devices. This
actually gives you active/active load balancing, but if/when the ISA server
dies (grin) then the content engines would see that and everything would go
to the PIX.

HTH,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Church, Chuck
Sent: Sunday, April 10, 2005 9:58 AM
To: Muhammad Saleem; ccielab@groupstudy.com
Subject: RE: Cisco Pix520 with MS ISA firewall togather

I don't think PIXes support HSRP, and very sure that the MS server doesn't
either. All of them DO support OSPF though. Why not have the router act as
the default gateway, and have it learn default routes from both the PIX and
the MS server. Adjust your cost to use the default that you want.

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team 1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch@netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Muhammad Saleem
Sent: Sunday, April 10, 2005 7:53 AM
To: ccielab@groupstudy.com
Subject: Cisco Pix520 with MS ISA firewall togather

Dear CCIE Lab,

Can I use Cisco Pix520 with MS ISA firewall together in Fail Over scenario,
Not like real failover feature in Pix or ISA individually but how can I make
it possible in other way, Can I use a router with HSRP feature with the IP
addresses of Cisco Pix Firewall 520 and MS ISA firewall in it and provide a
virtual IP addresses to my client as default gateway.

I will appreciate urgent replies

Saleem

Networks Manager

KSA

• Next message: CCIE Security: "add to msn security_lab@hotmail.com"
• Previous message: Ian Stong: "RE: ospf dialer-watch///dialer watch-list"
• Maybe in reply to: Muhammad Saleem: "Cisco Pix520 with MS ISA firewall togather"
• Next in thread: Muhammad Saleem: "Re: Cisco Pix520 with MS ISA firewall togather"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:55 GMT-3