https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314664#M786752 <HTML><HEAD></HEAD><BODY><P>Thanks. That actually is beginning to make sense. I will test later today.</P></BODY></HTML> Wed, 28 Oct 2009 12:23:17 GMT jfraasch 2009-10-28T12:23:17Z https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314662#M786738 <P>First time configuring the FWSM. I come from the days where firewalls were actually appliances. I know, so 2007!</P><P></P><P>I am having trouble following the nice 700 page guide on the FWSM. I am going through the chapter on Configuring Failover.</P><P></P><P>I ran into an error when configuring the faolover lan interface.</P><P></P><P>Here is what I want to do and hopefully you can walk me through this.</P><P></P><P>I have a server that will be plugged into VLAN 100 on port 6/1 on my CoreA 6513 and CoreB 6513. He will be bonded active/passive. I want him to use a default gateway of 10.10.10.1.</P><P></P><P>I need the FWSM to present the 10.10.10.1 ip address to the server on both the FWSMs. In the olden days (prior to FWSM) I would put an IP of 10.10.10.2 and a standby of 10.10.10.1 on CoreA and an IP of 10.10.10.3 and a standby of 10.10.10.1 on CoreB to make this happen.</P><P></P><P>On both FWSM I have created interface VLAN 100 with name TrafficCtrlA. On FWSM A I put IP 10.10.10.2/24 standby 10.10.10.1 and on FWSM B I put IP 10.10.10.3/24 standby 10.10.10.1.</P><P></P><P>I can add the failover lan unit primary command but then when I add the failover lan interface (if_name) vlan (vlan) part, I get an error that says the interface already exists. Of course it does! I just added it!</P><P></P><P>Not sure what to do with that.</P><P></P><P>Help? Please!</P><P></P><P>James</P><P></P> Mon, 11 Mar 2019 16:32:15 GMT https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314662#M786738 jfraasch 2019-03-11T16:32:15Z https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314663#M786744 <HTML><HEAD></HEAD><BODY><P>On both FWSM A and B, you need configure the IP address of TrafficCtrlA as</P><P>ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2. Yes, both have the same config.</P><P></P><P>Therefore, whoever is active will use IP 10.10.10.1 and the other (standby) will use 10.10.10.2.</P><P></P><P>If TrafficCtr1A is used as server's gateway, it's a normal interface and could not be used as failover link. Here is what doc says "The failover link uses a special VLAN interface that you do not configure as a normal networking interface;"</P><P></P><P>Please follow the config guide for more detail info.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html#wp1051895" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html#wp1051895</A></P><P></P></BODY></HTML> Tue, 27 Oct 2009 21:09:36 GMT https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314663#M786744 Yudong Wu 2009-10-27T21:09:36Z https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314664#M786752 <HTML><HEAD></HEAD><BODY><P>Thanks. That actually is beginning to make sense. I will test later today.</P></BODY></HTML> Wed, 28 Oct 2009 12:23:17 GMT https://community.cisco.com/t5/network-security/fwsm-failover-help/m-p/1314664#M786752 jfraasch 2009-10-28T12:23:17Z