Reading the failover configuration prerequisites for PIX firewall, they suggest that when a Cisco switch is used, the trunking should be turned off on switch ports where the PIXs will be connected.
Instead, when VLANs (logical interfaces) should be configured on a PIX, the trunking protocol 802.1q should be used. I have tried for a long time to find any more information or technical tips on CCO about that subject, but I cannot. I would greatly appreciate any information or ideas about it.
Re: PIX os version 6.3 - VLANs and Failover support
They probably mean that configurations where a VLAN is used for failover instead of a (dedicated) physical link are not supported. Unfortunately, it is unclear whether they mean "stateful failover link" or "LAN-based failover link".
So, I can only reiterate to ALL:
Is it possible to use a VLAN for stateful failover?
Is it possible to use a VLAN for LAN-based failover?