Security Basics mailing list archives
RE: HSRP with load balancing on a Cisco IOS based firewall
From: Dave <update () dsrtech com>
Date: Mon, 08 Sep 2003 21:02:29 -0400
Your understanding of HSRP is correct.

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:HSRP&s=Implementation_and_Configuration
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

I was unable to find any example of CBAC and HSRP together, and have not seen this myself. I would open a TAC case for assistance if I were you. You'll find your answer much faster this way.

Good luck.

On Mon, 2003-09-08 at 15:16, Cherian M. Palayoor wrote:
Hi Dave,

Can I implement MHSRP across IOS based firewalls on Cisco routers?

I was hoping to have it configured in the following manner. Split the network behind the firewall into subnets, say Network A and Network B. Network A has router X as its primary and router Y as its secondary. Similarly, Network B would have router Y as its primary and router X as its secondary. The return traffic would have to be similarly directed to the respective routers by the preceding device. This way, if either fails, their respective secondaries would take over.

My preliminary research on HSRP gives me the understanding that in an HSRP with load sharing environment, the 2 routers would have the same ip addresses, albeit in a primary and secondary role.

e.g.: Router X would have xy.1 as its prim ip and xy.2 as its second, and Router Y would have xy.2 and xy.1 as its prim & second respectively. A return packet originally sent out thru X wud find Y with the ip xy.1 (on router X's failure) and consequently wud have its state maintained.

Would the above configuration successfully address the problem of the state not being maintained? Do you reckon this configuration would work using IOS firewalls, or is my understanding of how HSRP with load sharing works incorrect?

Regards
Cherian

-----Original Message-----
From: Dave [mailto:update () dsrtech com]
Sent: Friday, September 05, 2003 6:17 PM
To: security-basics () securityfocus com
Cc: Cherian M. Palayoor
Subject: RE: HSRP with load balancing on a Cisco IOS based firewall

HSRP is only for fail over. You can use MHSRP, which is multiple groups, to "load split". Let's say you have a /24 network. You would make your HSRP group 1 primary for 0/25 and your HSRP group 2 primary for 128/25. Then make them each redundant for the other and "split" the load. Your responsibility would be to ensure you load balance your busiest hosts between networks.

This same principle applies for BGP. You can essentially balance the connections by splitting the network routing.
On Fri, 2003-09-05 at 17:05, David Gillett wrote:

HSRP does fail-over, but I don't see how it would do load balancing without some outside help. I think whatever does load-balancing for you becomes your alternative to HSRP.

(If I'm wrong, I'd be really interested in seeing a lot more detail of what you're doing....)

David Gillett

-----Original Message-----
From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com]
Sent: September 5, 2003 09:44
To: security-basics () securityfocus com
Subject: HSRP with load balancing on a Cisco IOS based firewall

Hi there,

Has anyone implemented HSRP with load balancing on a Cisco IOS based firewall?

I have come across vague references to HSRP on IOS firewalls, though I haven't managed to locate a configuration document as such. I am not so sure on the possibility of load balancing though.

Any ideas?

Thanks in advance.

Regards
CP
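The MHSRP "load split" described in the thread, written out as an added IOS configuration sketch that is not part of the original messages. The 192.0.2.0/24 addressing, interface names, priority values and the tracked outside interface are all assumptions chosen for illustration.

```cisco
! Added example, not from the thread. All addresses and interface
! names below are constructed.
!
! ---- Router X: active for group 1 (192.0.2.0/25),
! ----           standby for group 2 (192.0.2.128/25)
interface FastEthernet0/0
 description Network A (first /25)
 ip address 192.0.2.2 255.255.255.128
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! Drop below the peer's priority (110 - 30 = 80 < 90) if the
 ! assumed outside link fails, so the peer takes over the gateway.
 standby 1 track Serial0/0 30
!
interface FastEthernet0/1
 description Network B (second /25)
 ip address 192.0.2.130 255.255.255.128
 standby 2 ip 192.0.2.129
 standby 2 priority 90
 standby 2 preempt
!
! ---- Router Y: mirror image, active for group 2,
! ----           standby for group 1
interface FastEthernet0/0
 description Network A (first /25)
 ip address 192.0.2.3 255.255.255.128
 standby 1 ip 192.0.2.1
 standby 1 priority 90
 standby 1 preempt
!
interface FastEthernet0/1
 description Network B (second /25)
 ip address 192.0.2.131 255.255.255.128
 standby 2 ip 192.0.2.129
 standby 2 priority 110
 standby 2 preempt
 standby 2 track Serial0/0 30
```

Hosts in each /25 use that subnet's virtual address (192.0.2.1 or 192.0.2.129) as their default gateway, and `show standby brief` on each router shows which one is currently active per group. HSRP only moves the virtual gateway address between routers; nothing in this configuration copies firewall session state from one router to the other, which is the open question in the thread.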
Current thread:
- HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 05)
- RE: HSRP with load balancing on a Cisco IOS based firewall David Gillett (Sep 05)
- Re: HSRP with load balancing on a Cisco IOS based firewall David Lubowa (Sep 11)
- <Possible follow-ups>
- Re: HSRP with load balancing on a Cisco IOS based firewall Dina Kamal (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall segment (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall Cherian M. Palayoor (Sep 08)
- RE: HSRP with load balancing on a Cisco IOS based firewall Dave (Sep 09)