01-18-2008 06:38 AM - edited 03-11-2019 04:50 AM
I thought I was following this how-to and it seemed straightforward:
http://www.cisco.com/en/US/docs/security/pix/pix63/hw/installation/guide/515.html#wp1048874
But the primary cluster is not copying the configuration over to the secondary.
I configured primary and checked its operations. I connected the primary end of the serial failover cable to the primary and the secondary end to the secondary PIX. I made sure all interfaces I'm using were connected to the correct switches. One thing I was confused about was it talks of a dedicated port for stateful failover using a crossover cable. I could not find an ethernet port that was dedicated for failover so I just connected an available port on each PIX with an ethernet crossover cable.
I powered up the primary and it said "Failover cable present (status = 1), enabled failover and set Standby". I powered up the second and the primary said "WARNING: Failover disable but failover cable connected. To enable failover, in config, type failover"
The link didn't say anything about any additional configs but the configuration wasn't being copied over. I went to the primary and added failover to its config and wrote the memory and started the power up procedure again. The primary still didn't copy over the config. I ran out of the maintenance window so I couldn't work on it further.
Can someone tell me what I'm doing wrong? I'm gonna try it again this Saturday.
01-18-2008 12:22 PM
There is not a 'dedicated' interface for failover. You choose one available interface and assign configuration to it to serve as the stateful link. See:
Once you do this, you should be all set.
01-18-2008 01:10 PM
Thanks for that link. It looks to be the more correct procedure.
Since I already have the serial failover cable connected, do I even need to set up an available ethernet interface? From the link, it looks like either one should work by itself.
01-18-2008 06:59 PM
if you have the serial failover cable installed, that should be enough for failover.
If you want stateful failover, you have to use another interface though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: