https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407828#M742628 <P><SPAN style="font-family: arial,helvetica,sans-serif;">Hi</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"> I was reading this documentation <BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml</A><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">for doing active/active failover using pix 8.0. But I have the impresion that the concept of stanby used on pix firewall is not the same as this used on cisco router.</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">i think that the command<BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN class="content"><PRE><SPAN style="font-weight: normal; font-style: italic;"><BR /></SPAN></PRE></SPAN></SPAN></P><P><EM><STRONG>ip address active_addr netmask standby standby_addr</STRONG></EM></P><P></P><P>does not means that standby_addr will be use as the gateway for a network but the ip address of the stanby unit.</P><P>If i do this on the failover interface I dont see the point of doing if for every interface or subinterface the contexts&nbsp; have?</P><P></P><P>Can someone explained that clearly?</P><P></P><P>thanks</P> Mon, 11 Mar 2019 17:16:44 GMT roussillon 2019-03-11T17:16:44Z https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407828#M742628 <P><SPAN style="font-family: arial,helvetica,sans-serif;">Hi</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"> I was reading this documentation <BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml</A><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">for doing active/active failover using pix 8.0. But I have the impresion that the concept of stanby used on pix firewall is not the same as this used on cisco router.</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">i think that the command<BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN class="content"><PRE><SPAN style="font-weight: normal; font-style: italic;"><BR /></SPAN></PRE></SPAN></SPAN></P><P><EM><STRONG>ip address active_addr netmask standby standby_addr</STRONG></EM></P><P></P><P>does not means that standby_addr will be use as the gateway for a network but the ip address of the stanby unit.</P><P>If i do this on the failover interface I dont see the point of doing if for every interface or subinterface the contexts&nbsp; have?</P><P></P><P>Can someone explained that clearly?</P><P></P><P>thanks</P> Mon, 11 Mar 2019 17:16:44 GMT https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407828#M742628 roussillon 2019-03-11T17:16:44Z https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407829#M742647 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Other fact if the context in active failover-group provides the configuration for the corresponding context in standby failover-group I do not see the reason of creating stanby ip address for each interface exept for those used as&nbsp; failover interfaces.</P><P></P><P>please correcxt me if i am wrong!!</P><P></P><P>thanks</P></BODY></HTML> Tue, 02 Mar 2010 20:42:57 GMT https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407829#M742647 roussillon 2010-03-02T20:42:57Z https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407830#M742659 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>roussillon wrote:</P><P></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">Hi</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"> I was reading this documentation <BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml</A><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">for doing active/active failover using pix 8.0. But I have the impresion that the concept of stanby used on pix firewall is not the same as this used on cisco router.</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">i think that the command<BR /></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN class="content"><PRE><SPAN style="font-weight: normal; font-style: italic;"><BR /></SPAN></PRE> </SPAN></SPAN></P> <P><EM><STRONG>ip address active_addr netmask standby standby_addr</STRONG></EM></P> <P></P> <P>does not means that standby_addr will be use as the gateway for a network but the ip address of the stanby unit.</P> <P>If i do this on the failover interface I dont see the point of doing if for every interface or subinterface the contexts&nbsp; have?</P> <P></P> <P>Can someone explained that clearly?</P> <P></P> <P>thanks</P> </PRE><P></P><P>You are correct in that the standby address is never used as the gateway for the clients. It is used for 2 reasons -</P><P></P><P>1) so you can connect to the standby firewall</P><P></P><P>2) so the firewalls can monitor each others state on those interfaces</P><P></P><P>You don't need to configure every interface with a standby address if you don't want to and sometimes you don't if you are using public IP addressing on the interfaces. If you are using private addressing i can't see any reason why you wouldn't use a standby address to be honest.</P><P></P><P>Jon</P></BODY></HTML> Tue, 02 Mar 2010 20:44:07 GMT https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407830#M742659 Jon Marshall 2010-03-02T20:44:07Z https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407831#M742676 <HTML><HEAD></HEAD><BODY><P>Thanks</P><P></P><P>I have read again the cisco documentation</P><P></P><P>and standby ip for each interface or subinterface(in case of vlans) is used for failover in context level</P><P>cited by cisco documentation</P><P></P><P><SPAN class="content"></SPAN></P><P>Failover is triggered at the failover group&nbsp; level when one of these &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; events occurs:</P><UL><LI><P>Too many monitored interfaces in the group fail.</P></LI><LI><P>The <STRONG>no failover active group group_id</STRONG> or &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<STRONG>failover active group group_id</STRONG> command is &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;entered.</P></LI></UL><P></P><P>Of cause we have to monitor those interfaces.</P><P></P><P>Thanks again.</P><P></P></BODY></HTML> Tue, 02 Mar 2010 21:53:10 GMT https://community.cisco.com/t5/network-security/standby-on-active-active-failover/m-p/1407831#M742676 roussillon 2010-03-02T21:53:10Z