02-27-2008 07:39 PM
I have a pair of PIX 515E (6.3) running in failover mode. They are currently connecting to a single chassis core. We are upgrading our network with dual 6500's at the core. Is there a way to connect each PIX to a separate core (PIX 1 - Core1, PIX 2 - Core2) to allow for a core failure?
Core 1 and Core 2 will have a L2 link between them. If the current active PIX is connected to Core1, and Core 1 dies, this would not cause the failover PIX to take over. All LAN traffic would be going through Core 2, but since it does not have an active path to the active PIX 1, traffic would drop. Is my thinking correct?
Is there a way to connect the PIX's to dual cores running V6.3?
Solved! Go to Solution.
02-27-2008 08:48 PM
Hi,
If you are using cable-based failover, you can change to LAN based failover.
Read http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1024836
I hope this helps.
Best regards.
Massimiliano.
02-27-2008 08:48 PM
Hi,
If you are using cable-based failover, you can change to LAN based failover.
Read http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1024836
I hope this helps.
Best regards.
Massimiliano.
02-28-2008 05:53 AM
We are using cable based. I will look into the LAN based.
Thanks
02-28-2008 10:52 AM
You're welcome,
Massimiliano.
02-28-2008 11:37 AM
When running LAN based failover, I see the statefull link only needs two addresses, so I can use a /30 network.
Will the failover network ever need more than 2 addresses? I'm trying to determine which network to carve up for my failover since we are re-addressing as part of this upgrade.
02-28-2008 02:01 PM
No.
And in fact you could use any network you want (1.1.1.0/30, 192.168.0.0/24...) as you will (should) never route traffic on that network.
Don't forget to trunk that vlan between the two 6500.
02-29-2008 02:34 PM
thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: