Security Basics mailing list archives

RE: HSRP with load balancing on a Cisco IOS based firewall


From: "Cherian M. Palayoor" <cpalayoor () cwalkergroup com>
Date: Mon, 8 Sep 2003 09:44:49 -0700


I was hoping to have it configured in the following manner.
Split the network behind the firewall into subnets, say Network A and Network
B. Network A has router X as its primary and router Y as its secondary.
Similarly, Network B would have router Y as its primary and router X as its
secondary. The return traffic would have to be similarly directed to the
respective routers by the preceding device. This way, if either fails, their
respective secondaries would take over.
My preliminary research on HSRP gives me the understanding that in an HSRP
with load sharing environment, the 2 routers would have the same IP addresses,
albeit in a primary and secondary role, e.g. Router X would have xy.1 as its
prim IP and xy.2 as its second, and Router Y would have xy.2 and xy.1 as its
prim & second respectively.

A return packet originally sent out through X would find Y with the IP xy.1 (on
router X's failure) and consequently would have its state maintained.

Would the above configuration successfully address the problem of the state
not being maintained?

Do you reckon this configuration would work using IOS firewalls, or is my
understanding of how HSRP with load sharing works incorrect?

That is my million dollar question.

Regards

CP
 
-----Original Message-----
From: Cherian M. Palayoor 
Sent: Friday, September 05, 2003 9:44 AM
To: security-basics () securityfocus com
Subject: HSRP with load balancing on a Cisco IOS based firewall


Hi there,

Has anyone implemented HSRP with load balancing on a Cisco IOS based
firewall?

I have come across vague references to HSRP on IOS firewalls, though I
haven't managed to locate a configuration document as such. I am not so sure
on the possibility of load balancing though.

Any ideas?

Thanks in advance.

Regards

CP
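
For reference, HSRP shares one virtual gateway address per standby group rather than exchanging the routers' own primary and secondary addresses. A two-group layout matching the Network A / Network B split described in the message could look like the following. This is an added example, not part of the original posts; the interface names, the tracked uplink and the 192.0.2.0/24 addressing are constructed assumptions.

```cisco
! ---- Router X: active for Network A, standby for Network B ----
interface FastEthernet0/0
 description Network A (constructed subnet 192.0.2.0/25)
 ip address 192.0.2.2 255.255.255.128
 ! Virtual gateway that hosts on Network A point to
 standby 1 ip 192.0.2.1
 ! Higher priority wins the active role; preempt reclaims it after recovery
 standby 1 priority 110
 standby 1 preempt
 ! Drop priority by 30 (110 -> 80) if the assumed uplink goes down
 standby 1 track Serial0/0 30
!
interface FastEthernet0/1
 description Network B (constructed subnet 192.0.2.128/25)
 ip address 192.0.2.130 255.255.255.128
 standby 2 ip 192.0.2.129
 standby 2 priority 90
 ! Preempt lets X take over when Y's tracked priority falls below 90
 standby 2 preempt
!
! ---- Router Y: standby for Network A, active for Network B ----
interface FastEthernet0/0
 description Network A (constructed subnet 192.0.2.0/25)
 ip address 192.0.2.3 255.255.255.128
 standby 1 ip 192.0.2.1
 standby 1 priority 90
 standby 1 preempt
!
interface FastEthernet0/1
 description Network B (constructed subnet 192.0.2.128/25)
 ip address 192.0.2.131 255.255.255.128
 standby 2 ip 192.0.2.129
 standby 2 priority 110
 standby 2 preempt
 standby 2 track Serial0/0 30
```

HSRP moves only the virtual gateway address between the routers; it does not by itself replicate firewall inspection state, so whether established sessions survive a failover depends on what state sharing the firewall feature provides. `show standby brief` on each router confirms which one is active for each group.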



