Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX Failover

I'm proposing to install two pix firewall in a lan based failover configuration. Each firewall will be physically installed at either end of a DWDM link. I'm dedicating interfaces and vlan's for both the 'failover' and 'stateful' connections on each switch at either end of the DWDM link. However, the actual link between both switches on the DWDM will need to be trunked. Can I expect to see any issues with failover in this configuration?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: PIX Failover

Hi Neil

I can't comment on the DWDM side of things but as long as it functions as a trunk link then i can't see why you would have any issues. In effect it is often what people do on a pair of resilient switches connected by a trunk link with a pix on each switch. We have this setup in our datacentre.

As long as there is enough bandwidth on the trunk it should be fine.

HTH

Jon

3 REPLIES
Hall of Fame Super Blue

Re: PIX Failover

Hi Neil

I can't comment on the DWDM side of things but as long as it functions as a trunk link then i can't see why you would have any issues. In effect it is often what people do on a pair of resilient switches connected by a trunk link with a pix on each switch. We have this setup in our datacentre.

As long as there is enough bandwidth on the trunk it should be fine.

HTH

Jon

New Member

Re: PIX Failover

Thanks Jon, thats made me more confident about the implementation.

Really appreciate your comments!

New Member

Re: PIX Failover

I agree totally with Jon! I did want to mention that we had this same setup in our DataCenter about a year ago and had not actually tested it. One day we have one of the switches die and when it did for some reason the trunk going down took out both switches. We reviewed this with our Cisco SE who had OK's this config, upgraded our IOS and tested the setup in a lab. Post IOS upgrade we were fine. I guess the moral of this story is Lab it out before you rely on it.

Good luck.

128
Views
0
Helpful
3
Replies