Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix failover question, urgent please help

I have read CISCO guide about how to use pix failover. Here are still

a few questions:

1. same version, I have one version 6.3 (2) and the ohter is 6.3 (3).

is it ok for failover.

2. stateful failover:

1) do we need any configuration on the 2nd unit for stateful failover?

if not, just wondering how replication will happen since there is no

config on the 2nd unit at all including interface type.

2) for stateful failover, we only need a crossover cable, not the

failover cable, right?

3) can we connect the two units with both the failover cable (Primary

and secondary on both ends) and crossover cable for failover interface

(for stateful)?

3) should we config unused interface and connect both unused interface

with crossover cable?

TIA

3 REPLIES
Cisco Employee

Re: Pix failover question, urgent please help

Hi,

1-- Not OK, you have to use same version on both

2--

1) If you have connected the serial cable then , no config is required, config required for LAN based failover though.

2) failover cable (either lan cable, or serial cable) is required in addition to a seprate cable (crossover if connecting directly) for statefull.

3) yes, this is ususally what we do. a failover cable for failover communication and a crossover cable for statfull.

4) No, not required to config the unused interfaces.

by the way, try not to use crossover cable, isntead try to use a straight through cable with a switch in between.

Thanks

Nadeem

New Member

Re: Pix failover question, urgent please help

Thanks.

2 ---

2) and 3).

Stateful need both serial and cat 5. cable, right?

4) I am confused with cisco guide (using pix failover) chapter 10.

on page 10-27 step 2:

"if there are any interface that have not been cobfigued in the non-failover setup. config them at this time with an ip address and a failover ip address. also leave the unused interface unconnected."

on page 10-28 after step 6.

" note:

Pix firewall requies that unused interfaces be connected to the standby unit andthat each unused interface be assigned an ip address. even if an interface is administatively shutdown, the pix firewall will try to send failover check up messages to all internal interface."

page

Cisco Employee

Re: Pix failover question, urgent please help

2&3- Yes, (failover uses either serial cable, or can be configured to use lan) for statefull failover, you need cat5

4- not 100% sure, but for unused interfaces, you no need to configure them. could be a document issue.

90
Views
0
Helpful
3
Replies