Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 515E failover pair - is this setup possible? (Please see inside)

Hi All,

We've been asked to configure a pair of PIX's for a site, and they've just been delivered to us, however they neglected to mention that they are a failover pair, AND they only have 2 Interfaces!

The Two PIX's will be in two geographically seperate buildings (connected with Fibre's)

We need to configure them so that their Outside interfaces are on different subnets... e.g.

Primary Outside = 10.0.0.2/30

Secondary Outside = 10.0.0.6/30

Also, as we only have two Interfaces, can we set up a LAN based Failover with the failover running over a VLAN out of the Inside Interface?

I have attached an example Diagram of what we are trying to do.

Many Thanks

Nick

2 REPLIES
Community Member

Re: PIX 515E failover pair - is this setup possible? (Please see

Bump.

Can anyone advise as to whether we can use a VLAN subinterface for the failover LAN?

Cheers,

Nick

Silver

Re: PIX 515E failover pair - is this setup possible? (Please see

Hello,

First of all, all interfaces of the failover and the primary should be on the same subnet. Therefore, the scenario won't work if you have two PIX with different subnets.

As for the failover LAN you need to use a dedicated ethernet interface. You can't use VLAN for this purpose .

Below you can find a link that shows what are the requirements for PIX Failover configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

This is what is noted in the document

"You have to dedicate an Ethernet interface (and switch ports) to the failover link, and the interface cannot be used for regular traffic. "

Hope this helps and appreciate your rating,

Regards,

213
Views
5
Helpful
2
Replies
CreatePlease to create content