Cisco Support Community

New Member

LAN-Based failover and Intermittent Connectivity loss issues

Have 2 PIX535s each at remote sites configured for LAN-based failover. There is a VLAN ("abc") designed for failover, but in that same VLAN are servers.

My setup is as follows:

PIX535 connects to a DMZ switch using 4 connections: the Inside intf & 3 other intfs.

On that same DMZ switch connects my core switch on the inside network. The core switch is the Root Bridge for the said VLAN ("abc"). It trunks this VLAN, along with others, to the DMZ switch.

On that same DMZ switch are a number of servers that are in this vlan ("abc").

When I configure one of the PIX interfaces to be in this same VLAN and be used for LAN-based failover, I get intermittent loss of connectivity to different servers at different times. It's never any one particular server.

When I use another PIX interface, still connecting to this same DMZ switch, but in another VLAN ("xyz"), for LAN-based failover, I don't get any problems.

This other PIX interface is also being used for State failover. The idea is to have two separate interfaces, one each for LAN-based & State failover.

What could be the possible cause of this intermittent loss of connectivity to the servers in VLAN "abc" when I switch LAN-based failover to the PIX interface that connects to a VLAN "abc" port on the DMZ switch?

New Member

Re: LAN-Based failover and Intermittent Connectivity loss issues

For LAN-based failover the ports MUST be dedicated for this purpose only. They must be configured as full duplex, and if I remember correctly, you must have a switch in between the two PIX systems. Not so with an ASA, you can have a crossover, although I would not recommend this. That is for another discussion.

I suspect the traffic is stopping the keepalives, and if it is probably bursty traffic, this will happen.

Hope this helps.

(I await the flames of those who will correct me) :-)

New Member

Re: LAN-Based failover and Intermittent Connectivity loss issues

The PIX intf connects to an access port on the switch participating in that VLAN. There are a couple of switches in between the 2 PIXs, and they all trunk that VLAN that the PIX failover intf is in. And also the one that the servers are in. Full duplex is configured, as is portfast.

New Member

Re: LAN-Based failover and Intermittent Connectivity loss issues

OK, but you must have the LAN failover dedicated, i.e. no other VLAN traffic.

If you are on version 7, try a crossover, if V6.xx, then you need a switch in the middle.

The ports on the switch and the PIX must match, 100Mbps F/D, or whatever speed you are running.

Kind regards
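
The replies above come down to two checks on the switch side: no other hosts in the failover VLAN, and failover ports hard-set to full duplex. The following is an added example, not code from any poster in this thread, that runs both checks over a switch configuration; the IOS-style syntax, interface names, and VLAN numbers are constructed assumptions, and only access ports are examined (trunks are not).

```python
import re

# Constructed IOS-style switch config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description PIX-A failover
 switchport mode access
 switchport access vlan 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/2
 description app server
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet0/3
 description PIX-A state link
 switchport mode access
 switchport access vlan 200
 duplex full
!
"""

def parse_interfaces(config):
    """Return {interface_name: [config lines]} for each interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any top-level line ends the stanza
    return stanzas

def audit_failover_vlan(config, vlan, failover_ports):
    """Flag ports sharing the failover VLAN and failover ports lacking 'duplex full'."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        in_vlan = f"switchport access vlan {vlan}" in lines
        if in_vlan and name not in failover_ports:
            findings.append((name, "non-failover port in failover VLAN"))
        if name in failover_ports and "duplex full" not in lines:
            findings.append((name, "failover port not hard-set to full duplex"))
    return findings
```

Calling `audit_failover_vlan(SAMPLE_CONFIG, 100, {"FastEthernet0/1"})` reports the server port that shares the failover VLAN.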