Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
2
Replies

Redundancy design question

Go to solution
kope
Level 1
Level 1

‎10-12-2005 07:46 PM - edited ‎03-03-2019 12:23 AM

I have two PIX 520 configured as Active/Standby mode at production. I am adding two Cat 6509 behind the PIX. The inside interface of the Active PIX connects to 6509-A; the inside interface of the Standby PIX connect to 6509-B. The 6509 is running HSRP and has a trunk between the switches. Under this physical connection, it seems if the 6509-A is dead, there is no other path to reach 6509-B. Do i have to add another interface card to the pix so I can connect to 6509-B or is there any other way to achieve redundancy?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
spremkumar
Level 9
Level 9
In response to bdodd

‎10-12-2005 10:31 PM

hi

As mentioned by brandon you need to have failover configured in your pix firewalls to tackle the situation and to handle the active transactions/traffic when 6509A or the primary switch goes down.

In order to achieve that PIX B should have the whole lot of transaction info being carried out PIXA.

With that info in place the transition of traffic from PIXA to PIXB will be smooth when theres some probs with 6509A.

Also refer this link for more info on failover configs and concepts..

http://cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72f.html

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

regds

View solution in original post

0 Helpful
2 Replies 2

Go to solution
bdodd
Level 1
Level 1

‎10-12-2005 08:08 PM

If 6509A goes down, PIXA interface will go down and should cause PIXB to become the active interface. Should have a crossover cable between the two to keep all of the state info in sync. I'm not a pix person, I just know how our checkpoint install works

0 Helpful

Go to solution
spremkumar
Level 9
Level 9
In response to bdodd

‎10-12-2005 10:31 PM

hi

As mentioned by brandon you need to have failover configured in your pix firewalls to tackle the situation and to handle the active transactions/traffic when 6509A or the primary switch goes down.

In order to achieve that PIX B should have the whole lot of transaction info being carried out PIXA.

With that info in place the transition of traffic from PIXA to PIXB will be smooth when theres some probs with 6509A.

Also refer this link for more info on failover configs and concepts..

http://cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72f.html

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

regds

0 Helpful
Customers Also Viewed These Support Documents