Problems clustering two PIX 515e

Unanswered Question
Jan 18th, 2008
User Badges:

I thought I was following this how-to and it seemed straightforward:

http://www.cisco.com/en/US/docs/security/pix/pix63/hw/installation/guide/515.html#wp1048874


But the primary cluster is not copying the configuration over to the secondary.


I configured primary and checked its operations. I connected the primary end of the serial failover cable to the primary and the secondary end to the secondary PIX. I made sure all interfaces I'm using were connected to the correct switches. One thing I was confused about was it talks of a dedicated port for stateful failover using a crossover cable. I could not find an ethernet port that was dedicated for failover so I just connected an available port on each PIX with an ethernet crossover cable.


I powered up the primary and it said "Failover cable present (status = 1), enabled failover and set Standby". I powered up the second and the primary said "WARNING: Failover disable but failover cable connected. To enable failover, in config, type failover"


The link didn't say anything about any additional configs but the configuration wasn't being copied over. I went to the primary and added failover to its config and wrote the memory and started the power up procedure again. The primary still didn't copy over the config. I ran out of the maintenance window so I couldn't work on it further.


Can someone tell me what I'm doing wrong? I'm gonna try it again this Saturday.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rimbertr1 Fri, 01/18/2008 - 13:10
User Badges:

Thanks for that link. It looks to be the more correct procedure.


Since I already have the serial failover cable connected, do I even need to set up an available ethernet interface? From the link, it looks like either one should work by itself.

srue Fri, 01/18/2008 - 18:59
User Badges:
  • Blue, 1500 points or more

if you have the serial failover cable installed, that should be enough for failover.

If you want stateful failover, you have to use another interface though.

Actions

This Discussion