Cisco Support Community
New Member

PIX Failover and Redundancy switch replacement

I have got this scenario:

Outside (internet) → Switch 1 → Primary PIX → Core1-----LAN

Outside (internet) → Switch 2 → Secondary PIX → Core2-----LAN

Switch 1------Switch 2 (connected via Ethernet link trunk)

Primary PIX------Secondary PIX (connected through failover cable via serial interface)

core 1------core 2 (connected via ethernet link trunk)

VPN concentrator is connected between switch 1 (active) and core 1

We have got active outside switch 1 (2950), active primary PIX (525), and active core 1 (4000).

And also we have got inactive outside switch 2 (2950) , inactive secondary pix (525), and inactive core 2 (4000).

Redundancy has been taken into consideration.

1- If the primary PIX fails, the standby PIX (secondary) will take over (obvious). Now, will core 1 (active) be replaced by core 2 because the secondary PIX takes over?

2- In a similar way, will switch 1 (active) be replaced by switch 2 because the secondary PIX takes over?

3- Does the same thing happen to the PIX if switch 1 fails or core 1 fails? (i.e. if switch 1, obviously switch 2 takes over; does that mean the primary PIX will be replaced by the secondary one?)

4- If the VPN fails, shouldn't there have been redundancy? (i.e. is this a drawback in the design?)


Re: PIX Failover and Redundancy switch replacement

Check out the following link on PIX Firewall Failover; hope this helps:
