I posted a message on the Ask The Experts - PIX Firewall topic asking if it was possible to do active/active failover with two PIXen and also have loadbalancing, without having to use a content service switch. The reply back was "yes" but did not elaborate.
I'd be very interested to find the documentation that discusses how to do this on the PIX.
Honestly, I have no idea what Cihan was referring to when he said you could currently do this. PIX 7.0 is slated to have a limited method for doing active/active failover but at the current time, there is no ability to have an active/active setup without using a CSS. You may want to drop Cihan a line (his e-mail address is posted all over the Ask the Expert thread) and get a better answer from him. Sorry!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...