I have been told that because we are running two PIX 515s with the 6.3 code along with the old version of PDM (1.1), the sync that is supposed to happen automatically between the two firewalls may not take place. According to the source, I need to upgrade the PIXes to the 3.01 version of PDM and the synchronization will work correctly. However, we are not running the PDM, so why would having an older version of this cause the primary PIX to have problems automatically synching with its partner?
Not exactly sure what your source was referring to, but as far as I know, there are no failover issues with having the 1.1 version of PDM on your PIXes. As a matter of fact, the PDM binary is not synced between the two units. While it is recommended to have the same version of PDM on both units, it is not an absolute requirement based on the above information. Might be time to get some more details from your contact. Hope this helps.
Thanks for your thoughts on this. The reason I had to ask is because my "contact" was a Cisco TAC rep. I opened a case regarding two PIXes set up in failover mode that do not always synch automatically. He suggested it was due to an old PDM. I don't like to second-guess a TAC employee, but it sounds like he may be off course with that answer.