Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix active/active failover

Hi,

First of all, thanks for your time. I have a question implementing active/active failover on a pix with 7.0. I have two pix 535 with 3 ethernets (inside, outside and failover). Until now they were in active/pasive but I would like to put them in active/active. Is there a way of doing this WITHOUT installing any more ethernet cards? Further more, can this be done using just one context? I found this info:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247e.html#wp1096075

Can I implement it some other way?

Kindest regards,

Fernando

CCIE#144XX CCNP CCDP

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Pix active/active failover

Hello

IMHO the "active/active" is just sales talk. What Cisco means when they saids active/active in pix7/ASA is just load balancing if You are running multiple fw contexts.

For each virtual firewall you setup one physical fw as active, and the other as passive. If you have 4 virutal fw:s (contexts), you set Fw A as active for context 1 and 2, and Fw B as active for context 3 and 4. In that way, when a unit fails, the two contexts that are active on that unit will fail over to the other unit.

If You are not running multiple contexts in your firewalls you cannot use active/active failover.

Sorry, it disappointed me too when I realized...

Regards Jimmy

2 REPLIES
New Member

Re: Pix active/active failover

Hello

IMHO the "active/active" is just sales talk. What Cisco means when they saids active/active in pix7/ASA is just load balancing if You are running multiple fw contexts.

For each virtual firewall you setup one physical fw as active, and the other as passive. If you have 4 virutal fw:s (contexts), you set Fw A as active for context 1 and 2, and Fw B as active for context 3 and 4. In that way, when a unit fails, the two contexts that are active on that unit will fail over to the other unit.

If You are not running multiple contexts in your firewalls you cannot use active/active failover.

Sorry, it disappointed me too when I realized...

Regards Jimmy

New Member

Re: Pix active/active failover

Can we do Active/Active with FWSM blade as well? Of course, assuming i run multi-context...

360
Views
0
Helpful
2
Replies
CreatePlease login to create content