Problems clustering two PIX 515e

Unanswered Question
Jan 18th, 2008

I thought I was following this how-to and it seemed straightforward:

http://www.cisco.com/en/US/docs/security/pix/pix63/hw/installation/guide/515.html#wp1048874

But the primary cluster is not copying the configuration over to the secondary.

I configured primary and checked its operations. I connected the primary end of the serial failover cable to the primary and the secondary end to the secondary PIX. I made sure all interfaces I'm using were connected to the correct switches. One thing I was confused about was it talks of a dedicated port for stateful failover using a crossover cable. I could not find an ethernet port that was dedicated for failover so I just connected an available port on each PIX with an ethernet crossover cable.

I powered up the primary and it said "Failover cable present (status = 1), enabled failover and set Standby". I powered up the second and the primary said "WARNING: Failover disable but failover cable connected. To enable failover, in config, type failover"

The link didn't say anything about any additional configs but the configuration wasn't being copied over. I went to the primary and added failover to its config and wrote the memory and started the power up procedure again. The primary still didn't copy over the config. I ran out of the maintenance window so I couldn't work on it further.

Can someone tell me what I'm doing wrong? I'm gonna try it again this Saturday.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rimbertr1 Fri, 01/18/2008 - 13:10

Thanks for that link. It looks to be the more correct procedure.

Since I already have the serial failover cable connected, do I even need to set up an available ethernet interface? From the link, it looks like either one should work by itself.

srue Fri, 01/18/2008 - 18:59

if you have the serial failover cable installed, that should be enough for failover.

If you want stateful failover, you have to use another interface though.

Actions

This Discussion