Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX Failover - IP reachability

In a typical Active/standby failover scenario, is it complulsory to have an IP reachability between a pair of interfaces ? For e.g DMZ interface on Primary is 192.168.55.1/24 and on secondary is 192.168.55.2/24. Can failover work normally if there is no connectivity between 192.168.55.1 and 192.168.55.1 ?

All the 4 tests i.e.

1. Link Up/Down test

2. Network Activity test

3. ARP test

4. Broadcast Ping test

can be passed without reachablity between the interface pairs.

Can somebody explain this and correct me on this?

2 REPLIES
New Member

Re: PIX Failover - IP reachability

No it cannot work.

Each of your failover cluster member sends "probes" to his mate on each monitored interface.

If it cannot join the other one, it becomes active then.

Regards,

Gaetan

Re: PIX Failover - IP reachability

Hi .. if the status of the interface (either from layer 1 to layer 3) is not OK, then the failver is triggered. If you are tying not to monitor one interface then you can do that by adding the no monitor-interface if_name command from global config mode. Failover will work as normal but will not check the status of the interface where you entered the mentioned command. by the way the command is on code 7.0 and above

I hope it help .. please rate it if it does !!!

129
Views
0
Helpful
2
Replies
CreatePlease to create content