Re: PIX 520: Failover and Not Enough Ips (Newbie)



In article <1155883339.312565.270280@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<nice.jon@xxxxxxxxx> wrote:

I am attempting to setup failover for a couple of pix 520s (similar to
the 515) within a start-up business/mission critical network.

I would suggest that you take this to comp.dcom.sys.cisco .


Based on my limited readings, it is my understanding that when setting
up failover, the secondary pix outside interface is assigned an unused
IP within the same subnet as the primary pix outside interface. Since
both hosts are occupied, is my only option to purchase a router? Or is
there an available hack in the meanwhile?

It depends on your software version, which you did not happen to state.

As the PIX 520 has not been sold for almost 5 years (December 2001),
there is a good chance you do not have the most modern software. As
you said it was a "start-up" and the equipment cannot be obtained new,
you probably got it used -- possibly without taking into account
that the software licenses are not normally transferable. You cannot
get parts for a 520 (except perhaps from a third party -- Brad Reese
might know where to find some), and you cannot purchase software
upgrades for it (not even to bring it up to the latest release)
and you cannot get a Cisco technical support contract for it. I'm
not even sure if you could open a Time and Materials support call
for it, as it is End of Life, but -possibly- you could get Cisco
Professional Support to take it on; if so that would probably cost
a -minimum- of $US500 per "incident".

All in all, -I- think it is a long-term mistake to use a PIX 520
for anything "mission critical" at this point: I suspect that
a pair of Cisco ASA 5520 would be about right. Alternately, you
could probably find a pair of legitimately-transferable used PIX 515E
Unrestricted, or a pair of used 515E and go through the
"relicensing program" (Cisco license part# LL-PIX-515-SW-UR -- street
price roughly $US3500 per unit). The 515E are still being sold and
are supported in the latest software.


It sounds as if the startup is hoping for some near-immediate sales
in order to generate revenue to continue on beyond the first couple
of months; my (very limited) business understanding is that such
a business model very rarely works out. Occasionally a business
needs to come to life long enough to demonstrate to a Venture Capitalist
that the technology really does work, but my (quite limited) reading
suggests that most of the time that approach does not work out either.
Certainly there are occasional exceptions, but the great majority
of new business run losses for the first couple of years. :(
.



Relevant Pages

  • RE: AW: RE: Security for new small company
    ... Sorry Mr. Holger but I dispense comments like yours. ... >(PIX 506, etc) have solutions for branch offices and small business. ... >>>nat and port forwarding is not a firewall. ...
    (Security-Basics)
  • Re: Another Blow For the Dellsnots
    ... Cisco for support haven't RTFM or are otherwise unsophisticated or even ... are calling Dell than are calling Cisco. ... business model is for SOHO, I would sum it up in a word: ...
    (alt.sys.pc-clone.dell)
  • Re: Changed from a software to a hardware firewall...now NETWORK PLACES wont display computer names
    ... >> A PIX is a complex beast. ... it is a business solution & businesses ... >> command syntax to make everything work as it should. ... >>>Make it easy on yourself and call Thec Support and be done with it. ...
    (comp.security.firewalls)
  • Advice needed
    ... My buddy at the blueberry farm (that's where the pix were taken) ... The thing is I don't know much about the advertising business or what ... I suppose I could attract business ...
    (rec.motorcycles)
  • Re: Do I need permission to use a photograph of a station
    ... >> that your pix are for private purposes, then morally, I believe you ... > Even on your own website? ... as part of a business or the pages ...
    (uk.railway)