Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
0
Helpful
2
Replies

PIX Failover - IP reachability

swapnendum
Level 1
Level 1

‎06-24-2007 11:36 AM - edited ‎03-11-2019 03:34 AM

In a typical Active/standby failover scenario, is it complulsory to have an IP reachability between a pair of interfaces ? For e.g DMZ interface on Primary is 192.168.55.1/24 and on secondary is 192.168.55.2/24. Can failover work normally if there is no connectivity between 192.168.55.1 and 192.168.55.1 ?

All the 4 tests i.e.

1. Link Up/Down test

2. Network Activity test

3. ARP test

4. Broadcast Ping test

can be passed without reachablity between the interface pairs.

Can somebody explain this and correct me on this?

Labels:
0 Helpful
2 Replies 2

gaetan.allart
Level 1
Level 1

‎06-25-2007 02:44 AM

No it cannot work.

Each of your failover cluster member sends "probes" to his mate on each monitored interface.

If it cannot join the other one, it becomes active then.

Regards,

Gaetan

0 Helpful

Fernando_Meza
Level 7
Level 7

‎06-25-2007 03:55 AM

Hi .. if the status of the interface (either from layer 1 to layer 3) is not OK, then the failver is triggered. If you are tying not to monitor one interface then you can do that by adding the no monitor-interface if_name command from global config mode. Failover will work as normal but will not check the status of the interface where you entered the mentioned command. by the way the command is on code 7.0 and above

I hope it help .. please rate it if it does !!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card