Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX LAN failover and statelink?

We are setting up LAN based stateful failover between a pair of 535s and a pair of 515s. All runing 6.3(3). We have had problems trying to run the network failover link across the inside interfaces.

Does anyone know

1. Is it acceptable to run the statelink over a link running at 10Mbps half duplex?

2. Why are there problems running the network failover across the inside interfaces?

3. Has anyone got experience combining the network failover link and the statelink over the same interface.

Thanks.

Richard Lloyd.

Config below

interface ethernet0 100full

interface gb-ethernet0 1000auto

interface ethernet1 100full

interface ethernet2 100full

interface ethernet3 100full

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

interface ethernet6 auto shutdown

interface ethernet7 auto shutdown

interface ethernet8 100full

nameif ethernet0 outside security0

nameif gb-ethernet0 inside security100

nameif ethernet1 state security10

nameif ethernet2 hro_dmz security65

nameif ethernet3 nfuse_priv security60

nameif ethernet4 nfuse_pub security55

nameif ethernet5 home_dsl security30

nameif ethernet6 voice_dsl security70

nameif ethernet7 intf8 security40

nameif ethernet8 lan_failover security45

failover

failover timeout 0:00:00

failover poll 3

failover ip address outside 172.18.126.203

failover ip address inside 158.41.186.213

failover ip address state 10.254.1.252

failover ip address hro_dmz 10.254.2.252

failover ip address nfuse_priv 10.254.3.252

failover ip address nfuse_pub 10.254.4.252

failover ip address home_dsl 10.254.8.252

failover ip address voice_dsl 10.254.9.252

no failover ip address intf8

failover ip address lan_failover 158.41.222.244

failover link state

failover lan unit primary

failover lan interface lan_failover

failover lan key ********

failover lan enable

515

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 auto

interface ethernet3 auto shutdown

interface ethernet4 100full

interface ethernet5 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 state security50

nameif ethernet3 DMZ1 security10

nameif ethernet4 dmzpub security60

nameif ethernet5 dmzpriv security80

failover

failover timeout 0:00:00

failover poll 3

failover ip address outside 172.25.1.221

failover ip address inside 172.18.126.213

failover ip address state 172.25.253.234

no failover ip address DMZ1

failover ip address dmzpub 172.25.4.231

failover ip address dmzpriv 172.25.5.231

failover link state

failover lan unit secondary

failover lan interface state

failover lan key ********

failover lan enable

1 REPLY
Silver

Re: PIX LAN failover and statelink?

I am not sure about the reason why there are problems. However I have also seen issues running failover on the inside interface. Inside interface on primary and secondary were in "Waiting" state aftre the unit has failed. Use the following document if you see any error messages.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm

218
Views
0
Helpful
1
Replies
CreatePlease login to create content