I have the following PIX 515E firewalls at the Head Office.
1. The active PIX 515E has 6.3(5) IOS, 16 MB Flash and 128 MB RAM, with a UR license with failover.
2. The standby PIX 515E has 6.3(5) IOS, 16 MB Flash and 128 RAM, with an FO license.
Now I have 48 small branches across the country, all of which connect to the Head Office through IPSec tunnels.
Now my problem is the failover configuration.
I know two methods of configuring failover:
1. Cable-based failover
2. LAN-based failover
My doubt is: is it possible to have the Link State in cable-based failover? If so, how to do it?
LAN-based is OK: e0 interface for OUTSIDE, e1 for INSIDE, e2 for Link STATE and e3 for FAILOVER.
In either case, what is the IP address to be given for the OUTSIDE interface? If it is not the SAME IP ADDRESS, then VPN client connectivity will be a problem if the PRIMARY (active) firewall is down, because the VPN tunnels are established to the PUBLIC IP address of the PRIMARY firewall. If the secondary (standby) firewall's OUTSIDE interface does not have the same IP address as the primary, then the VPN clients will not be able to connect through the VPN.
Please guide me to configure failover to meet my requirement, that is, all my VPN clients should be able to connect to the secondary firewall if the primary firewall fails.
With cable-based failover, you don't get the state information propagated between the firewalls. You need to do a stateful failover, by connecting the devices through a cross cable. Refer to the document I had given before. Here it is again:
As said, the firewall will not replace the IP address when doing failover. It will swap the MAC and IP addresses between the active and failover devices, to maintain all the connectivity related to the failover box. VPN connections will still refer to the same IP address, as the failover unit will take over the IP address of the primary box after failure.
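
Added example, not part of the original thread and not taken from the document the reply refers to: a sketch of the primary unit's PIX 6.3 configuration for cable-based failover with a dedicated stateful link on ethernet2, as discussed above. The interface name `state` and every address are constructed sample values, and the lines starting with `!` are annotations.

```text
! Primary (UR) unit. The serial failover cable carries unit health and
! role election; ethernet2 (crossover cable to the peer) carries state.
! All names and addresses below are constructed sample values.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 state security50
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
!
! Active addresses. Branch IPSec peers point at the outside address,
! and whichever unit is active answers for it.
ip address outside 203.0.113.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address state 10.255.255.1 255.255.255.252
!
failover
! Standby addresses: used by the unit that is currently standby, so the
! two units never present the same address at the same time.
failover ip address outside 203.0.113.2
failover ip address inside 192.168.1.2
failover ip address state 10.255.255.2
! Replicate connection state to the peer over the "state" interface.
failover link state
!
! Check unit roles, interface status and stateful counters with:
!   show failover
```

On 6.3 the stateful link replicates connection and translation state but not the ISAKMP and IPSec SA tables, so after a failover the branch tunnels renegotiate against the same outside address rather than carrying over.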