In a failover scenerio, all interfaces that are up need to have an address configured on them. This address needs to be L2 adjacent to the like interface on the backup PIX. I understand your confusion in this case as you have config'ed e3 as a trunk port. One suggestion I would make is to remove one of the logical interfaces and just assign the vlan to the e3 physical interface. Logical interfaces are not required to support 802.1q trunks. In other words, you could do this:
interface ethernet3 100full
interface ethernet3 vlan7 physical
interface ethernet3 vlan19 logical
nameif ethernet3 ftp
nameif vlan19 vpn
ip address ftp x.x.x.x z.z.z.z
ip address vpn y.y.y.y z.z.z.z
** Note that I changed the interface on vlan 7 from logical to physical. This ties vlan7 to the physical interface rather than creating a new logical interface for this traffic.
You would need to change your failover config as well but this resolve the issue. The interface is in a waiting state because it has not seen any hello packets from it's mate PIX. The reason for this is because there is no IP address assigned to the interface, currently anyway.
Nope. By assigning a VLAN to the physical interface, all you are doing is assuring that any frames forwarded from that interface will be tagged with the configured VLAN ID rather than the native VLAN ID (which by default is VLAN 1). Not sure if you have seen this information but if not, it might be worth a read:
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...