Security Basics mailing list archives
RE: HSRP with load balancing on a Cisco IOS based firewall
From: "Cherian M. Palayoor" <cpalayoor () cwalkergroup com>
Date: Mon, 8 Sep 2003 09:44:49 -0700
I was hoping to have it configured in the following manner. Split the network behind the Firewall into subnets say Network A and network B. Network A has router X as its primery and router Y as its secondary. Similarly Network B would have router Y as its primary and router X as its secondary. The return traffic would have to be similarly directed to the respective routers by the preceding device. This way if either fail their respective secondaries would take over. My prelimnary research on HSRP gives me the understanding that in an HSRP with load sharing environment, the 2 routers would have the same ip addresses albeit in a primary and secondary role. eg : Router X would have xy.1 as its prim ip and xy.2 as its second and Router Y would have xy.2 and xy.1 as its prim & second respectively. A return packet originally sent out thru X wud find Y with the ip xy.1 (on router X's failure)and consequently wud have its state maintained. Would the above configuration successfully address the problem of the state not being maintained. Do you reckon this configuration would work using IOS firewalls or is my understanding of how HSRP with load sharing incorrect ??? That is my million dollar question. Regards CP -----Original Message----- From: Cherian M. Palayoor Sent: Friday, September 05, 2003 9:44 AM To: security-basics () securityfocus com Subject: HSRP with load balancing on a Cisco IOS based firewall Hi there, Has anyone implemented HSRP with load balancing on a Cisco IOS based firewall. I have come across vague references to HSRP on IOS firewalls, though I have'nt managed to locate a configuration document as such. I am not so sure on the possibility of load balancing though. Any ideas ? Thanks in advance. Regards CP --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 05)
- RE: HSRP with load balancing on a Cisco IOS based firewall David Gillett (Sep 05)
- Re: HSRP with load balancing on a Cisco IOS based firewall David Lubowa (Sep 11)
- <Possible follow-ups>
- Re: HSRP with load balancing on a Cisco IOS based firewall Dina Kamal (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall segment (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 08)