Re: Active/Active Failover Config on PIX-version 7.2
Active/Active failover uses the security contexts so that both firewalls can be operational simultaneously. You need to ensure that you have the appropriate Failover and Context licenses on both devices.
In brief, during normal operation:
Firewall 1 is Active for Context A and Standby for Context B
Firewall 2 is Active for Context B and Standby for Context A
In case of failover, the surviving Firewall becomes Active for both Contexts.
Therefore each device needs to be connected identically to the appropriate LANs. Additionally, you should have a dedicated interface for the stateful traffic.
Also, the contexts must be in routed mode, not transparent, for failover to operate.
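
The layout described in the post above, sketched as a system-execution-space fragment for the primary unit. This is an added example, not part of the original reply. The context names (ctxA, ctxB), interface assignments, link names (folink, statelink) and all addresses are constructed assumptions, and the admin context is not shown.

```cisco
! Added example: PIX 7.2, multiple context mode (mode multiple), primary unit.
! Run from the system execution space. All names and addresses are constructed.

! LAN-based failover link plus a dedicated link for stateful traffic
failover lan unit primary
failover lan interface folink Ethernet3
failover lan enable
failover interface ip folink 10.0.4.1 255.255.255.0 standby 10.0.4.11
failover link statelink Ethernet4
failover interface ip statelink 10.0.5.1 255.255.255.0 standby 10.0.5.11

! Group 1 prefers the primary unit, group 2 prefers the secondary unit
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt

! Context A: active on Firewall 1 during normal operation
context ctxA
  allocate-interface Ethernet0
  allocate-interface Ethernet1
  config-url flash:/ctxA.cfg
  join-failover-group 1

! Context B: active on Firewall 2 during normal operation
context ctxB
  allocate-interface Ethernet2
  allocate-interface Ethernet5
  config-url flash:/ctxB.cfg
  join-failover-group 2

! Enable failover once both units are cabled identically
failover
```

The secondary unit needs only the `failover lan` and `failover interface ip folink` lines, with `failover lan unit secondary`, before `failover` is enabled; the rest replicates from the primary. `show failover` in the system execution space reports which unit is active for each group.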