Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Change IP interface of Pix. Will it failover?

I have two PIXes on Active-failover setup. I need to change one DMZ interface to public address. Will the setup failover once i do this?

Thanks!

2 REPLIES

Re: Change IP interface of Pix. Will it failover?

If you take the DMZ interface on Active unit, it will. But not if you use DMZ port on Standby unit.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html#wp1051278

HTH

AK

Re: Change IP interface of Pix. Will it failover?

BTW, since one of the DMZ interface will be used for something else, you might need to exclude both DMZ from participating in failover before connecting the port to public interface.

Remove it from Standby unit first, which will break the failover communication for a while.

Your Active/Primary PIX unit will remain active.

Then remove the DMZ on Active unit, and configure it with your required config.

Issue 'no failover', then execute 'failover' command again.

Check the failover status 'sh failover'. Your inside & outside interfaces should still be active in Primary unit. Go to Standby/secondary PIX, check the failover status. If not sync, issue 'no failover' command, followed by 'failover' command only.

This will synch both Active & Standby unit without triggering failover.

*do not use 'failovcer active', as this will force Standby unit to become active.

HTH

AK

121
Views
0
Helpful
2
Replies
CreatePlease to create content