I read with interest the LAN Based failover enhancements in version 6.2.
I have a pair of PIX 515Es (1 x PIX-515E-UR-BUN and 1 x PIX-515E-FO-BUN) and want to run LAN based failover between them. The documentation suggests that I don't need the serial failover cable at all - however I don't think this is true as the failover unit won't even boot without the serial cable being attached!
Is there any way of disabling the startup boot checks for the serial failover cable?
Second, the documentation suggests that a crossover cable cannot be used for the LAN based failover connection. Don't quite understand why not? How will the PIX know whether I am using a crossover cable or a dedicated hub / switch?
You need to be running 6.2(2), and if you have LAN-based failover configured then yes, you don't need the failover cable. The documentation is correct. The failover unit will definately boot up without the cable plugged in, but if you're seeing something different, please connect a laptop to the console port of the standby and power it up and send us the output.
You CAN use a cross-over, but you shouldn't. If you use a crossover and the cable goes bad or the primary PIX shuts down, the interface on BOTH PIX's will go down, so the standby won't be able to detect that the primary has failed, it'll just think it's own interface has died. If you plug them into a switch, then if the primary goes down, the interface on the secondary is still up and the secondary can therefore detect that the primary has failed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :