Statefull failover Not working-PIX 525

Unanswered Question
Dec 10th, 2003
User Badges:

Hey can be some help me out

I have two PIX 525 and i implemented Statefull Failover between them -- its not working .. but when i enabled LAN based Failover it works fine ....

PIX- 6.2(2) version


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
scoclayton Wed, 12/10/2003 - 14:29
User Badges:
  • Gold, 750 points or more


I would be happy to help but I am going to need quite a bit more information to get started. First of all, Lan based failover and stateful failover are not related. Lan based failover is another option you can use if your PIX's are too far apart for the Serial failover cable. Stateful failover can be run or not run in conjunction with both lan based failover and serial based failover. What are you doing to determine that stateful failover is not working?


azharmd Sun, 12/14/2003 - 07:13
User Badges:

My basic idea is to achieve the Statefull failover , since it was not working i configured the LAN based failover(which is working) I would like to know

1.Does Statefull failover works same as LAN based i mean connections will remain as it is during the failover......

post ur email address so i can drop u the complete configuration

scoclayton Mon, 12/15/2003 - 10:52
User Badges:
  • Gold, 750 points or more


Let me try this again. Stateful failover and Lan based failover do not really have anything to do with one another. Lan based failover is another way of accomplishing failover between two PIX's if the distance between the two PIX's is greater than 6 feet (the length of a standard Cisco serial failover cable). Stateful failover is a method used in addition to one of the failover implementations above. It is used to pass "state" information from the active PIX to the stand-by PIX so that currently established connections are not dropped if a failover occurs. In serial based failover setups, you need to dedicate a seperate ethernet interface on both PIX's for the stateful failover communications. In a Lan Based failover setup, you can use the same interface and cable between the two PIX's for both purposes BUT, this is not recommended. The stateful link can be heavily utilized and you do not want this traffic to starve your normal failover communications between the two PIX's and cause an unnecessary failover. Does this help you undertand a little?



This Discussion