×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Change IP interface of Pix. Will it failover?

Unanswered Question
Nov 30th, 2006
User Badges:

I have two PIXes on Active-failover setup. I need to change one DMZ interface to public address. Will the setup failover once i do this?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.kiprawih Sat, 12/02/2006 - 04:35
User Badges:
  • Gold, 750 points or more

BTW, since one of the DMZ interface will be used for something else, you might need to exclude both DMZ from participating in failover before connecting the port to public interface.


Remove it from Standby unit first, which will break the failover communication for a while.

Your Active/Primary PIX unit will remain active.


Then remove the DMZ on Active unit, and configure it with your required config.


Issue 'no failover', then execute 'failover' command again.


Check the failover status 'sh failover'. Your inside & outside interfaces should still be active in Primary unit. Go to Standby/secondary PIX, check the failover status. If not sync, issue 'no failover' command, followed by 'failover' command only.


This will synch both Active & Standby unit without triggering failover.


*do not use 'failovcer active', as this will force Standby unit to become active.


HTH

AK

Actions

This Discussion