Has anyone ever configured PIX failover with multiple (6) physical interfaces, and each of the physical interfaces having multiple logical interfaces (vlans) configured?? (A total of 16 interfaces including both logical and physical) The vlan configs are working fine, but the failover config is choking. The active PIX says the standby connection is failing. None of the debug failover commands point out anything obvious. 'sh fail' shows that the cable connection is good. Both PIXes are 535's running the same version of code - 6.3(1) and the same version of PDM. Any ideas? I can post a cfg if necessary. Thanks! -Rich
Do you have a catalyst switch on the inside and outside interfaces. Have you enabled portfast and disabled channeling and trunking on each of the switch ports the pix interfaces are plugged into?
Many of the default port parameters of the Switches are not desirable when plugging a PIX into the switch. For example, on a switch running Catalyst OS, default channeling is set to Auto, trunking is set to Auto, and PortFast is disabled. If you connect a PIX to a switch running Catalyst OS, please disable channeling, disable trunking, and enable PortFast.
All interfaces on the pix are connected to a cat 5500. portfast is enabled and channeling is disabled. I have to leave trunking enabled, however, because I've configured vlans on the pix in the form of logical interfaces. I think something else is wrong, though. I disconnect all cables from the standby PIX, including the failover cable, and when I power it back on I can't even get to a prompt from the console port. My plan was to wipe the config on the standby pix and then re-establish connectivity with the active one and synch configs. So far, no luck!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :