Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
299
Views
0
Helpful
1
Replies

VPN Failover

awebb
Level 1
Level 1

‎06-01-2006 01:39 PM - edited ‎02-21-2020 02:27 PM

I have two PIX515E running 7.1(2). I'm having a hard time finding details or config examples for VPN failover. Simply put, when the failover happens, I want my remote users and remote site IPSec tunnels to fail with it and have nobody skip a beat.

Labels:
0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎06-01-2006 06:45 PM

I suggest you to have a look at the Admin guide .. there is achpater about configuring fail over. Make sure you configured LAN failover and also state ful failover.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008054c4b7.html

Basically on the Primary PIX you need :

failover

failover lan unit primary

failover lan interface failover

failover replication http

failover link failover

failover interface ip failover 10.10.10.9 255.255.255.252 standby 10.10.10.10

On the secondary failover you need:

failover

failover lan unit secondary

failover lan interface failover

failover interface ip failover 10.10.10.9 255.255.255.252 standby 10.10.10.10

NOTE: You can also use the optional command failover key to encrypt communication between the PIXes. This is recommended when your PIX is terminating VPN tunnels as the the usernames, passwords, shared keys ..etc will replicate on clear text otherwise.

I hope it helps .. please rate if it does !!!

0 Helpful
Customers Also Viewed These Support Documents