Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
3
Replies

Problems clustering two PIX 515e

rimbertr1
Level 1
Level 1

‎01-18-2008 06:38 AM - edited ‎03-11-2019 04:50 AM

I thought I was following this how-to and it seemed straightforward:

http://www.cisco.com/en/US/docs/security/pix/pix63/hw/installation/guide/515.html#wp1048874

But the primary cluster is not copying the configuration over to the secondary.

I configured primary and checked its operations. I connected the primary end of the serial failover cable to the primary and the secondary end to the secondary PIX. I made sure all interfaces I'm using were connected to the correct switches. One thing I was confused about was it talks of a dedicated port for stateful failover using a crossover cable. I could not find an ethernet port that was dedicated for failover so I just connected an available port on each PIX with an ethernet crossover cable.

I powered up the primary and it said "Failover cable present (status = 1), enabled failover and set Standby". I powered up the second and the primary said "WARNING: Failover disable but failover cable connected. To enable failover, in config, type failover"

The link didn't say anything about any additional configs but the configuration wasn't being copied over. I went to the primary and added failover to its config and wrote the memory and started the power up procedure again. The primary still didn't copy over the config. I ran out of the maintenance window so I couldn't work on it further.

Can someone tell me what I'm doing wrong? I'm gonna try it again this Saturday.

Labels:
0 Helpful
3 Replies 3

noran01
Level 3
Level 3

‎01-18-2008 12:22 PM

There is not a 'dedicated' interface for failover. You choose one available interface and assign configuration to it to serve as the stateful link. See:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

Once you do this, you should be all set.

0 Helpful

rimbertr1
Level 1
Level 1
In response to noran01

‎01-18-2008 01:10 PM

Thanks for that link. It looks to be the more correct procedure.

Since I already have the serial failover cable connected, do I even need to set up an available ethernet interface? From the link, it looks like either one should work by itself.

0 Helpful

srue
Level 7
Level 7
In response to rimbertr1

‎01-18-2008 06:59 PM

if you have the serial failover cable installed, that should be enough for failover.

If you want stateful failover, you have to use another interface though.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card