Redundancy design question

I have two PIX 520s configured in Active/Standby mode in production. I am adding two Cat 6509s behind the PIXes. The inside interface of the Active PIX connects to 6509-A; the inside interface of the Standby PIX connects to 6509-B. The 6509s are running HSRP and have a trunk between the switches. Under this physical connection, it seems that if 6509-A is dead, there is no other path to reach 6509-B. Do I have to add another interface card to the PIX so I can connect to 6509-B, or is there any other way to achieve redundancy?


Accepted Solutions

Re: Redundancy design question

Hi,

As mentioned by Brandon, you need to have failover configured in your PIX firewalls to tackle the situation and to handle the active transactions/traffic when 6509A or the primary switch goes down.

In order to achieve that, PIX B should have the whole lot of transaction info being carried out by PIXA.

With that info in place, the transition of traffic from PIXA to PIXB will be smooth when there are some problems with 6509A.

Also refer to these links for more info on failover configs and concepts:

http://cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72f.html

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

Regards


Re: Redundancy design question

If 6509A goes down, PIXA interface will go down and should cause PIXB to become the active interface. Should have a crossover cable between the two to keep all of the state info in sync. I'm not a PIX person; I just know how our Check Point install works.
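
The failure case discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of the topology in the question that checks whether an inside host still reaches the outside after each single device failure, with and without PIX failover. The `host` and `outside` nodes and their cabling are assumptions, and the interface-health rule is a simplification, not the PIX's actual monitoring logic.

```python
# Simplified model (added example): devices are nodes, cables are edges.
# Assumed, not stated in the thread: both PIXes share the outside network,
# and inside hosts can reach either 6509 (dual-homed, or via HSRP + trunk).
LINKS = {
    ("outside", "PIX-A"), ("outside", "PIX-B"),
    ("PIX-A", "6509-A"), ("PIX-B", "6509-B"),  # inside interfaces, as in the question
    ("6509-A", "6509-B"),                      # trunk between the switches
    ("host", "6509-A"), ("host", "6509-B"),
}
FIREWALLS = ("PIX-A", "PIX-B")  # PIX-A is the primary unit

def neighbors(node, blocked):
    """Yield devices cabled to `node` that are not in `blocked`."""
    for a, b in LINKS:
        if node in (a, b):
            other = b if node == a else a
            if other not in blocked:
                yield other

def healthy(pix, failed):
    """A unit is healthy if it is up and every cabled interface still has link."""
    if pix in failed:
        return False
    cabled = {b if a == pix else a for a, b in LINKS if pix in (a, b)}
    return not (cabled & set(failed))

def active_unit(failed, failover):
    """Without failover only PIX-A forwards; with it, the first healthy unit does."""
    if not failover:
        return "PIX-A" if "PIX-A" not in failed else None
    return next((p for p in FIREWALLS if healthy(p, failed)), None)

def host_reaches_outside(failed=(), failover=True):
    active = active_unit(failed, failover)
    # Only the active unit forwards traffic; the other unit is treated as absent.
    blocked = set(failed) | {p for p in FIREWALLS if p != active}
    seen, stack = {"host"}, ["host"]
    while stack:
        for nxt in neighbors(stack.pop(), blocked):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return "outside" in seen

def single_failures(failover):
    """Map each device to whether the host survives that device failing alone."""
    devices = ("PIX-A", "PIX-B", "6509-A", "6509-B")
    return {d: host_reaches_outside((d,), failover) for d in devices}
```

In this model, losing 6509-A takes down PIX-A's inside link, so PIX-B becomes active and traffic flows through 6509-B; without failover the same loss isolates the host.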

