If I use two firewalls in redundant configuration and the PIX terminates IPSec, do the active and standby PIX replicate IPSec and IKE session information (spi number, actual DES key, packet sequence, ...) or in case of the active PIX fails does the standby pix (that goes active) reinitialize the IPSec/IKE connection with the remote peer?
It means that the standby PIX (just has went active) will renegotiate the IKE and IPSec sessions. Does the remote side (in case of PIX and in case of IOS)accept it? It gets a packet with the same source address and will see that this PIX has forgotten the SAs and wants to renegotiate it...
If your secondary PIX ever becomes active when you have established IPSec connections to your primary PIX, the secondary will attempt to re-establish itself with each peer you have configured.
I haven't run into any problems with PIX to PIX VPN sessions after a failover, but results may vary in the IOS side of things. I would assume that the IOS Routers will operate in the same fasion as the PIX's and just recreate the VPN session.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...