Security Basics mailing list archives
Re: HSRP with load balancing on a Cisco IOS based firewall
From: "Dina Kamal" <dina () synergyct com>
Date: Sat, 6 Sep 2003 02:00:27 -0700
Hi,

Well, if you mean by IOS based firewall a router with a firewall/IPsec feature set then in this case you use the common HSRP config for Cisco routers.

Here is a quote from the Cisco web site:

"All firewall states are internal to a single router, and there is no provision for redundant firewall routers. Therefore if a router running CBAC dies or is routed around, the CBAC conversations are lost. Configurations with asymmetric routing, where only one direction of each session passes through the firewall router, do not work.

Although the Cisco IOS Firewall doesn't support router redundancy, it does support interface redundancy and load sharing. When CBAC creates a new channel, it installs the temporary access list entries on the interfaces used for the initial packet. The same access lists may be installed on backup interfaces that provide additional paths to the same destinations. It is possible to use CBAC with load sharing, as long as all the parallel interfaces are configured identically. If you configure the same access lists and inspection parameters on two interfaces that are alternate paths to the same destination, things should work more or less as expected.

Note: You must use the same access lists (with the same access list numbers) on both interfaces"

If you have a PIX firewall, in this case HSRP is not supported and for load balancing we use a 4840G switch to provide what we call SLB (Server Load Balancing).

Hope that helps

Dina
Hi there,

Has anyone implemented HSRP with load balancing on a Cisco IOS based firewall? I have come across vague references to HSRP on IOS firewalls, though I haven't managed to locate a configuration document as such. I am not so sure on the possibility of load balancing though. Any ideas?

Thanks in advance.

Regards
CP
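
An added example (not part of the original post or of Cisco's documentation): a Python check that interfaces forming parallel paths carry the same `ip access-group` and `ip inspect` statements, which is the condition the quoted Cisco note sets for CBAC with load sharing. The configuration text, interface names, ACL numbers and the inspection rule name `FW` are constructed for illustration.

```python
import re

# Constructed sample IOS configuration (not from the original post).
SAMPLE_CONFIG = """\
ip inspect name FW tcp
ip inspect name FW udp
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 ip inspect FW out
!
interface Serial0/1
 ip address 192.0.2.5 255.255.255.252
 ip access-group 102 in
 ip inspect FW out
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Map interface name -> set of (kind, name, direction) policy statements."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            policies[current] = set()
        elif not line.startswith(" "):
            current = None  # left interface sub-mode
        elif current:
            m = re.match(r"\s+ip (access-group|inspect) (\S+) (in|out)\s*$", line)
            if m:
                policies[current].add(m.groups())
    return policies

def cbac_mismatches(config, parallel):
    """Return policy statements not shared by every interface in `parallel`."""
    policies = parse_interfaces(config)
    sets = [policies.get(name, set()) for name in parallel]
    common = set.intersection(*sets)
    return {name: sorted(s - common) for name, s in zip(parallel, sets) if s - common}

if __name__ == "__main__":
    for name, extra in cbac_mismatches(SAMPLE_CONFIG, ["Serial0/0", "Serial0/1"]).items():
        print(f"{name}: not mirrored on the parallel path: {extra}")
```

In the sample, the two serial links share the inspection rule but use different access list numbers, so both are reported; an empty result means the listed interfaces are configured identically for these statements.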