Cisco Support Community

New Member

PIX Failover - IP reachability

In a typical Active/standby failover scenario, is it compulsory to have IP reachability between a pair of interfaces? For e.g. DMZ interface on Primary is and on secondary is Can failover work normally if there is no connectivity between and ?

All the 4 tests i.e.

1. Link Up/Down test

2. Network Activity test

3. ARP test

4. Broadcast Ping test

can be passed without reachability between the interface pairs.

Can somebody explain this and correct me on this?

New Member

Re: PIX Failover - IP reachability

No it cannot work.

Each of your failover cluster members sends "probes" to its mate on each monitored interface.

If it cannot join the other one, it becomes active then.



Re: PIX Failover - IP reachability

Hi .. if the status of the interface (either from layer 1 to layer 3) is not OK, then the failover is triggered. If you are trying not to monitor one interface then you can do that by adding the no monitor-interface if_name command from global config mode. Failover will work as normal but will not check the status of the interface where you entered the mentioned command. By the way, the command is on code 7.0 and above.

I hope it helps .. please rate it if it does !!!
