PIX LAN Base Failover

Unanswered Question
Jul 2nd, 2008
User Badges:

I have pix 525 with 8.x IOS. earlier i have the serial base failover it was working fine, but when i try to configure this pair with lan to lan failover. I m not able to configure this.


I tried with cross cable used for lan to lan failover and also try with making sepearte vlan for lan base failover cable.


First i configure the primary firewall with the below commands


failover

failover lan unit primary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2


When i paste these commands i got this messsage


At that time secondary firewall was not power up.


Then I power up the secondary firewall and configure the following commands and also no shut the stateful and lan interfaces

pixfirewall(config-if)# failover lan unit secondary

pixfirewall(config)# failover lan interface failover Ethernet2

INFO: Non-failover interface config is cleared on Ethernet2 and its sub-interfaces

pixfirewall(config)# failover replication http

pixfirewall(config)# failover link state Ethernet3

INFO: Non-failover interface config is cleared on Ethernet3 and its sub-interfaces

pixfirewall(config)# failover interface ip failover 192.168.96.2 255.255.255.0$

pixfirewall(config)# failover interface ip state 192.168.97.2 255.255.255.0 st$

pixfirewall(config)# failover

pixfirewall(config)# .

No Response from Mate





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.alekseev Wed, 07/02/2008 - 14:42
User Badges:
  • Gold, 750 points or more

on the second


no failover

failover lan unit secondary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2

failover


wasiimcisco Wed, 07/02/2008 - 20:48
User Badges:

my firewall inside interfaces are connected with switch, i made a vlan in that switch and put lan failover cables there. Will that fine. Secondly i tried with cross cable as lan base failover, is that right or switch must require for it.


i will put the commands u given to me, and ten get back to u with the restul.


thanks for the reply.

wasiimcisco Thu, 07/03/2008 - 06:37
User Badges:

i tried but still the problem is there


pixfirewall(config)# failover lan unit secondary

pixfirewall(config)# failover lan interface failover Ethernet2

INFO: Non-failover interface config is cleared on Ethernet2 and its sub-interfaces

pixfirewall(config)# failover replication http

pixfirewall(config)# failover link state Ethernet3

INFO: Non-failover interface config is cleared on Ethernet3 and its sub-interfaces

pixfirewall(config)# failover interface ip failover 192.168.96.2 255.255.255.0$

pixfirewall(config)# failover interface ip state 192.168.97.2 255.255.255.0 st$

pixfirewall(config)#

pixfirewall(config)# failover

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)#

pixfirewall(config)# .


========================== NOTICE ===========================

This platform is licensed as a secondary failover only unit.

This platform will reboot at 24 hours intervals in its

current state.

=============================================================



No Response from Mate


pixfirewall(config)#


Switching to Active

pixfirewall(config)#



Pleaes help me out how to solve this problem.



a.alekseev Thu, 07/03/2008 - 06:52
User Badges:
  • Gold, 750 points or more

do you understand the difference?

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2


and

failover interface ip failover 192.168.96.2 255.255.255.0 standby 192.168.96.1

failover interface ip state 192.168.97.2 255.255.255.0 standby 192.168.97.1



do on the second


no failover

failover lan unit secondary

failover lan interface failover Ethernet2

failover replication http

failover link state Ethernet3

failover interface ip failover 192.168.96.1 255.255.255.0 standby 192.168.96.2

failover interface ip state 192.168.97.1 255.255.255.0 standby 192.168.97.2

failover


Actions

This Discussion