Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
279
Views
0
Helpful
3
Replies

Pix failover question, urgent please help

ubest888
Level 1
Level 1

‎02-20-2004 11:43 AM - edited ‎02-20-2020 11:15 PM

I have read CISCO guide about how to use pix failover. Here are still

a few questions:

1. same version, I have one version 6.3 (2) and the ohter is 6.3 (3).

is it ok for failover.

2. stateful failover:

1) do we need any configuration on the 2nd unit for stateful failover?

if not, just wondering how replication will happen since there is no

config on the 2nd unit at all including interface type.

2) for stateful failover, we only need a crossover cable, not the

failover cable, right?

3) can we connect the two units with both the failover cable (Primary

and secondary on both ends) and crossover cable for failover interface

(for stateful)?

3) should we config unused interface and connect both unused interface

with crossover cable?

TIA

0 Helpful
3 Replies 3

nkhawaja
Cisco Employee
Cisco Employee

‎02-20-2004 12:52 PM

Hi,

1-- Not OK, you have to use same version on both

2--

1) If you have connected the serial cable then , no config is required, config required for LAN based failover though.

2) failover cable (either lan cable, or serial cable) is required in addition to a seprate cable (crossover if connecting directly) for statefull.

3) yes, this is ususally what we do. a failover cable for failover communication and a crossover cable for statfull.

4) No, not required to config the unused interfaces.

by the way, try not to use crossover cable, isntead try to use a straight through cable with a switch in between.

Thanks

Nadeem

0 Helpful

ubest888
Level 1
Level 1
In response to nkhawaja

‎02-20-2004 01:56 PM

Thanks.

2 ---

2) and 3).

Stateful need both serial and cat 5. cable, right?

4) I am confused with cisco guide (using pix failover) chapter 10.

on page 10-27 step 2:

"if there are any interface that have not been cobfigued in the non-failover setup. config them at this time with an ip address and a failover ip address. also leave the unused interface unconnected."

on page 10-28 after step 6.

" note:

Pix firewall requies that unused interfaces be connected to the standby unit andthat each unused interface be assigned an ip address. even if an interface is administatively shutdown, the pix firewall will try to send failover check up messages to all internal interface."

page

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to ubest888

‎02-20-2004 02:13 PM

2&3- Yes, (failover uses either serial cable, or can be configured to use lan) for statefull failover, you need cat5

4- not 100% sure, but for unused interfaces, you no need to configure them. could be a document issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card