[c-nsp] using a /29 mask on a /30 point-to-point
Ryan West
rwest at zyedge.com
Tue Jun 30 20:53:08 EDT 2009
Using Peter's example below, just leave off the 10.0.0.3 standby address. The failover and state information will still be passed between the firewalls and you can get by with a /30. If for some reason you're running 6.3(5), go to Kingston.com and buy yourself 2 sets of (2) 64MB CL2 100Mhz low profile DRAM and upgrade to 7.x. 6.3 code is a disaster to troubleshoot.
-ryan
Example, if the ISP assigned 10.0.0.0/30 for your link and took 10.0.0.1
for themselves (in v7+ format):
! *** pix ***
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.248 standby 10.0.0.3
!
route outside 10.0.0.4 255.255.255.252 10.0.0.1
!
Please just change ISP. :-)
Regards,
Peter
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list