Cisco Support Community

6.2 features

Quote from documentation:

A dedicated LAN interface and a dedicated switch/hub (or VLAN) is required to implement LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX Firewalls.

Any special reason you cannot use a crossover cable? (Not that it is any problem to implement this with a hub or switch, I'm just curious about it.)

Another thing that kind of bothers me is configuration of secondary failover unit when using certificates w/ IPSec. Does that mean that now the private key can be sniffed on this hub/switch? As far as I know there is no way to get the private key in a standalone (single PIX) configuration, but in failover since you don't configure anything on the secondary unit, this key must somehow be transmitted over a (less secure?) link?

ROK
