We have recently deployed a second PIX firewall with a failover license for added redundancy during failures. I was able to log in to the PIX, set it up and give it an IP address; however, I am not able to establish any network connection. I cannot ping the primary firewall. I have not attached the Cisco failover cable, and I am planning to use LAN-based failover.
Do I have to do anything beforehand, or is there something that must be configured first?
We have two PIX 525s with OS 6.3, one with an unrestricted license and one with a failover license.
One question: would the failover PIX work without the unrestricted PIX's connectivity to the box? I know that the failover's config would be erased on reload, but would it be capable of connecting to the network by giving it an IP address, without it receiving the initial config from the master PIX?
The PIX does not work correctly as a standalone device with only the failover license. Here is the explanation from CCO:
Q. I have two Cisco Secure PIX Firewalls configured in a Failover topology. One has an Unrestricted license and the other has a Failover license. What happens if both PIX Firewalls lose power and only the Failover unit boots back up?
A. The PIX Firewall with the Failover license is intended to be used solely for failover and not in standalone mode. When both PIX Firewalls lose power and only the Failover unit boots back up, it is as if the Failover unit is used in standalone mode. If a Failover unit is used in standalone mode, the unit reboots at least once every 24 hours until the unit is returned to failover duty, when it senses the presence of the primary PIX Firewall.
I am actually thinking of creating a LAN-based failover. The two PIX firewalls will only be connected via Ethernet. I had this idea in mind that I would be able to configure an IP on the failover and test connectivity with the failover. The only thing I received was timeouts. How would this work out in LAN-based failover if I can't use the failover cable? I thought that the failover had the capability of network connectivity, for testing purposes at least. So what you are saying is that if I configure the primary with the IP address of the secondary, they would connect to each other and act as a redundant pair?