I'm a bit of a novice with failover. Anyone have any tips or tricks? I have a single cable connection. My biggest concern is how to set up the routers as the gateway to the internet but I'm not sure how that would work if I only have one port on the cable modem. That and I don't know how to set it up in general!
The first thing to understand about FO is that the units are almost identical in config so only 1 is active at any given time and the other is standby. They communicate over their failover cable or a dedicated Ethernet cable/interface between the two devices. Depending on the code you're running the dedicated FO cable may be required.
When configuring the primary unit you can follow the documentation for your version to build the FO pair. Then every command you type on the primary is replicated to the secondary.
To get both units to connect to the gateway to the Internet will require a switch with at least 3 ports. The PRI/SEC PIX will also need two IP addresses in the same subnet as the gateway. If you don't have multiple IP addresses for your public subnet you're not going to be able to use FO.
I hope this gets you started and let me know if you need more info.
Just requested another IP from my ISP. Both are dynamic, if that is OK. Now what do I do? Am I correct in assuming both units must have the same version on them? How much would it be to get a contract to get the correct software for the device?
Unfortunately, no, dynamic IP addresses are not going to work. Yes, you must have the same hardware and OS version on each PIX. I believe the PIX 525s are EOL and you will not be able to get a contract on them but you would have to ask a Cisco reseller to be sure about that. It would probably be expensive too since they want you to buy ASAs.
Your ISP needs to assign you a small block of addresses - even a /29 will give you 6 addresses to use. 1 will be for your gateway and 2 will be for the PIX outside interfaces. The other 3 can be used to present internal hosts to the public if necessary.
And if you only have one gateway why are you worried about firewall redundancy? I believe it's just adding complexity without adding much value. Of course, I'm sure you have your reasons but I'm curious.
I don't think DHCP is supported in an FO pair because the secondary unit doesn't speak on the network until it has to take over for the primary. When it does, it assumes the MAC and IP address of the primary - it doesn't use its own identity.