Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515E failover

I have a pair of PIX 515E (6.3) running in failover mode. They are currently connecting to a single chassis core. We are upgrading our network with dual 6500's at the core. Is there a way to connect each PIX to a separate core (PIX 1 - Core1, PIX 2 - Core2) to allow for a core failure?

Core 1 and Core 2 will have a L2 link between them. If the current active PIX is connected to Core1, and Core 1 dies, this would not cause the failover PIX to take over. All LAN traffic would be going through Core 2, but since it does not have an active path to the active PIX 1, traffic would drop. Is my thinking correct?

Is there a way to connect the PIX's to dual cores running V6.3?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX 515E failover

Hi,

If you are using cable-based failover, you can change to LAN based failover.

Read http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1024836

I hope this helps.

Best regards.

Massimiliano.

6 REPLIES

Re: PIX 515E failover

Hi,

If you are using cable-based failover, you can change to LAN based failover.

Read http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1024836

I hope this helps.

Best regards.

Massimiliano.

New Member

Re: PIX 515E failover

We are using cable based. I will look into the LAN based.

Thanks

Re: PIX 515E failover

You're welcome,

Massimiliano.

New Member

Re: PIX 515E failover

When running LAN based failover, I see the statefull link only needs two addresses, so I can use a /30 network.

Will the failover network ever need more than 2 addresses? I'm trying to determine which network to carve up for my failover since we are re-addressing as part of this upgrade.

Re: PIX 515E failover

No.

And in fact you could use any network you want (1.1.1.0/30, 192.168.0.0/24...) as you will (should) never route traffic on that network.

Don't forget to trunk that vlan between the two 6500.

New Member

Re: PIX 515E failover

thanks

330
Views
5
Helpful
6
Replies