Solved: PIX Failover

neil.robinson · ‎02-12-2007

I'm proposing to install two pix firewall in a lan based failover configuration. Each firewall will be physically installed at either end of a DWDM link. I'm dedicating interfaces and vlan's for both the 'failover' and 'stateful' connections on each switch at either end of the DWDM link. However, the actual link between both switches on the DWDM will need to be trunked. Can I expect to see any issues with failover in this configuration?

Jon Marshall · ‎02-12-2007

Hi Neil

I can't comment on the DWDM side of things but as long as it functions as a trunk link then i can't see why you would have any issues. In effect it is often what people do on a pair of resilient switches connected by a trunk link with a pix on each switch. We have this setup in our datacentre.

As long as there is enough bandwidth on the trunk it should be fine.

HTH

Jon

View solution in original post

Jon Marshall · ‎02-12-2007

Hi Neil

I can't comment on the DWDM side of things but as long as it functions as a trunk link then i can't see why you would have any issues. In effect it is often what people do on a pair of resilient switches connected by a trunk link with a pix on each switch. We have this setup in our datacentre.

As long as there is enough bandwidth on the trunk it should be fine.

HTH

Jon

neil.robinson · ‎02-12-2007

Thanks Jon, thats made me more confident about the implementation.

Really appreciate your comments!

cratejockey · ‎02-13-2007

I agree totally with Jon! I did want to mention that we had this same setup in our DataCenter about a year ago and had not actually tested it. One day we have one of the switches die and when it did for some reason the trunk going down took out both switches. We reviewed this with our Cisco SE who had OK's this config, upgraded our IOS and tested the setup in a lab. Post IOS upgrade we were fine. I guess the moral of this story is Lab it out before you rely on it.

Good luck.