We have 2 units of PIX 525 that have been configured as a stateful redundant firewall pair. The active unit is connected to Cat-6513-A and the standby unit is connected to Cat-6513-B, and both are connected to the same VLAN.
We have had a few occasions where the Sup-2 of Cat-6513-A (where the active FW is connected) changed to ROMMON state for an unknown reason. The problem is that the active FW does not fail over when this happens, because the Fast Ethernet module stays up, and this caused the whole network to go down.
My technical manager would like to add an additional NIC to the firewalls so that each FW has a connection to both Cat-6513-A and Cat-6513-B. In other words, he thought that when the Sup-2 of Cat-6513-A is down, the active firewall should know how to route the traffic via the interface connected to Cat-6513-B.
My questions are:
1. Has anybody had this type of setup? Should I connect the new NIC to the same VLAN as the old one, or should I connect it to a new VLAN? How do you handle the routing? Note that the existing interface connected to Cat-6513 is the outside interface and this is the default gateway for the FW.
2. If this is not the correct solution, how is this problem normally handled?
Provisioning one more NIC on the firewall is not going to help you. I just tested in my lab setup the behaviour of the Cat6K when it is in ROMMON mode, and I find that it brings down the link. So this failure should be sensed by the firewall. In your case it looks like the Cat6K is misbehaving and bringing down the Ethernet link when it is in ROMMON.
I would suggest that you troubleshoot the problem with your Cat6K rather than providing a fix in the firewall design. Just my thoughts. There might be a better solution to this problem. Can someone help?