PIX LAN Base Failover

Unanswered Question
Jul 2nd, 2008

I have pix 525 with 8.x IOS. earlier i have the serial base failover it was working fine, but when i try to configure this pair with lan to lan failover. I m not able to configure this.


I tried with cross cable used for lan to lan failover and also try with making sepearte vlan for lan base failover cable.


First i configure the primary firewall with the below commands


failover

failover lan unit primary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2


When i paste these commands i got this messsage


At that time secondary firewall was not power up.


Then I power up the secondary firewall and configure the following commands and also no shut the stateful and lan interfaces

pixfirewall(config-if)# failover lan unit secondary

pixfirewall(config)# failover lan interface failover Ethernet2

INFO: Non-failover interface config is cleared on Ethernet2 and its sub-interfaces

pixfirewall(config)# failover replication http

pixfirewall(config)# failover link state Ethernet3

INFO: Non-failover interface config is cleared on Ethernet3 and its sub-interfaces

pixfirewall(config)# failover interface ip failover 192.168.96.2 255.255.255.0$

pixfirewall(config)# failover interface ip state 192.168.97.2 255.255.255.0 st$

pixfirewall(config)# failover

pixfirewall(config)# .

No Response from Mate





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.alekseev Wed, 07/02/2008 - 14:42

on the second


no failover

failover lan unit secondary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2

failover


wasiimcisco Wed, 07/02/2008 - 20:48

my firewall inside interfaces are connected with switch, i made a vlan in that switch and put lan failover cables there. Will that fine. Secondly i tried with cross cable as lan base failover, is that right or switch must require for it.


i will put the commands u given to me, and ten get back to u with the restul.


thanks for the reply.

wasiimcisco Thu, 07/03/2008 - 06:37

i tried but still the problem is there


pixfirewall(config)# failover lan unit secondary

pixfirewall(config)# failover lan interface failover Ethernet2

INFO: Non-failover interface config is cleared on Ethernet2 and its sub-interfaces

pixfirewall(config)# failover replication http

pixfirewall(config)# failover link state Ethernet3

INFO: Non-failover interface config is cleared on Ethernet3 and its sub-interfaces

pixfirewall(config)# failover interface ip failover 192.168.96.2 255.255.255.0$

pixfirewall(config)# failover interface ip state 192.168.97.2 255.255.255.0 st$

pixfirewall(config)#

pixfirewall(config)# failover

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)# .


========================== NOTICE ===========================

This platform is licensed as a secondary failover only unit.

This platform will reboot at 24 hours intervals in its

current state.

=============================================================



No Response from Mate


pixfirewall(config)#


Switching to Active

pixfirewall(config)#



Pleaes help me out how to solve this problem.



a.alekseev Thu, 07/03/2008 - 06:52

do you understand the difference?

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2


and

failover interface ip failover 192.168.96.2 255.255.255.0 standby 192.168.96.1

failover interface ip state 192.168.97.2 255.255.255.0 standby 192.168.97.1



do on the second


no failover

failover lan unit secondary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2

failover


Actions

This Discussion