Pix Failover

Unanswered Question
Apr 1st, 2008
User Badges:

Im trying to build out a new network and im looking for the most redundancy as possible :)


If you look at the attachment everything from my knowledge will work just peachy if I just connect the blue lines...The only problem is if the main top switch failed (not a link failure but a total shut off) I will need to make sure the main pix fails over to the secondary.


What I would much rather like is when the main switch failed I didnt have to have the pixs failover that there would be another link to handle this. Thats where the green lines come in..


Can someone get me on the right path here, ive looked into the tracking features on the pix but it seems to only work with two seperate ISPs etc.


thanks guys and gals



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
htarra Mon, 04/07/2008 - 06:49
User Badges:
  • Bronze, 100 points or more

You should have some kind of redundancy. Unfortunately, there's no way that you can configure pix to be able to detect whether the switch behind it is dead or not and be able to route the traffic to another back up switch when the primary switch is dead. But you can configure redundancy for the pix itself by configuring the pix for failover. That way, when the primary pix goes down it will failover to the secondary pix. Please refer to the following URL for more details.

How Failover Works on the Cisco Secure PIX Firewall:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


b.cerniglia Mon, 04/07/2008 - 06:55
User Badges:

yeah it will be in failover..i was just hoping to minimize the amount of failover happening when one thing died....

Actions

This Discussion