I have tried adding an additional Ethernet card (PIX-4FE-66) on to the PIX 535 firewall cluster running software Version 7.0(4). Firewalls are running in active/standby failover mode through a dedicated LAN cable.
After shutting down and disconnecting the primary pix firewall from the network, we tried adding the card. The new card got detected, but we found that even the existing interfaces were not coming up. We tried inserting the card on to different slots, but we didn't succeed. Also we tried a different card as well.
As per Cisco documentation, the card was compatible with the hardware and we had supporting license on the firewall as well.
attaching the 'show int ip brief output' result when the card was inserted.
My concerns are,
1) Will the numbering of the interfaces change when we add a new interface card on to it. Will the existing numbers get assigned to the newly assigned interface?
2) Should we put the card on both the active and standby firewalls and bring up both the boxes at once.
3) Will there be any problem with the combination of cards put in the box.
Currently the slots in the firewall are populated in the following manner;
Slot 0: Empty
Slot 1: Empty
Slot 2: PIX-4FE-66
Slot 3: Empty
Slot 4: Empty
Slot 5: Empty
Slot 6: PIX-1FE
Slot 7: PIX-1FE
Slot 8: Empty
#sh in ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 xxx.x.x.xx YES CONFIG down down
Ethernet1 xx.xx.xx.x YES CONFIG down down
Ethernet2 x.x.x.x YES CONFIG down down
Ethernet3 x.x.x.x YES CONFIG down down
Ethernet4 x.x.x.x YES CONFIG down down
Ethernet5 x.x.x.x YES CONFIG up up
Ethernet6 unassigned YES unset administratively down down
Ethernet7 unassigned YES unset administratively down down
Ethernet8 unassigned YES unset administratively down down
Ethernet9 unassigned YES unset administratively down down
The PIX-4FE-66 may be installed in any slot. If there is a shortage of 64-bit/66 MHz card slots (the slots are being used for 1GE-66 or PIX-VACPLUS), the PIX-4FE-66 should be installed in 32-bit/33 MHz card slot.The interface numbers wont be changed and the performance remains same.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...