Re: RV042 and pix with load balancing

In article <1129253961.690018.280170@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<jcharth@xxxxxxxxxxx> wrote:
>what if i have to pixes and one router behind the pixes using ospf or
>ibgp to route the packets through the right pix? i can probably
>establish two tunels with rv042 and have the packets go to one or the
>other base on availability right? well anyway i think ill give it a
>shot.
>

If you can put routers behind the firewalls, redundancy becomes much
easier. Just treat the IPsec tunnels as non-broadcast point-to-point
links and use a routing protocol to select the tunnel to use. Load
balancing is automatic if you use an IGP and GRE tunnels. BGP routing
saves overhead, but makes load balancing much more difficult. See
the white paper "Redundant Routes in IPSec VPNs" on my web site
for some examples (load balancing is not addressed, but you can
fill that in, because load balancing is typically useless if you
don't have robust redundancy).

Good luck and have fun!
--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com
.

Relevant Pages

  • Re: Static route via address, not interface
    ... >> and then add network route via router ... configuration (I have 172.22.2.0/24 segment attached with router ... Routing tables ... packets transmitted, 1 packets received, 0% packet loss ...
    (freebsd-net)
  • Re: traceroute & ping
    ... If you ping support -R [Record Route] you can see what interfaces ... the packets are returning on. ... But I'd be concernced about your router at this point since ...
    (comp.unix.sco.misc)
  • Re: Multihomed proxy serving 2 wireless networks
    ... The FC2 box is not acting as a router. ... I don't want all packets to go ... through eth0 due to the load on the wireless router. ... route through the 2 interfaces is to reduce the total load on each router. ...
    (Fedora)
  • Re: newbie trouble with ip route
    ... > the packets, if the requests come from the local network. ... > - if I start traceroute on the Linux router, it dials up to the remote LAN ... Else try making a static route on the clients for the 10.100 network - ...
    (comp.os.linux.networking)
  • Re: What is a default route??
    ... > If I have load balancing in place, and I believe I do, then if one DSL ... > out, would I need to change my default route, ie: ... physical connection to the internet. ... each router involved will choose depends not only on the availability ...
    (comp.os.linux.networking)