https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771890#M986233 <P>In a typical Active/standby failover scenario, is it complulsory to have an IP reachability between a pair of interfaces ? For e.g DMZ interface on Primary is 192.168.55.1/24 and on secondary is 192.168.55.2/24. Can failover work normally if there is no connectivity between 192.168.55.1 and 192.168.55.1 ?</P><P></P><P>All the 4 tests i.e.</P><P>1. Link Up/Down test</P><P>2. Network Activity test</P><P>3. ARP test</P><P>4. Broadcast Ping test</P><P></P><P>can be passed without reachablity between the interface pairs.</P><P></P><P> Can somebody explain this and correct me on this?</P> Mon, 11 Mar 2019 10:34:21 GMT swapnendum 2019-03-11T10:34:21Z https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771890#M986233 <P>In a typical Active/standby failover scenario, is it complulsory to have an IP reachability between a pair of interfaces ? For e.g DMZ interface on Primary is 192.168.55.1/24 and on secondary is 192.168.55.2/24. Can failover work normally if there is no connectivity between 192.168.55.1 and 192.168.55.1 ?</P><P></P><P>All the 4 tests i.e.</P><P>1. Link Up/Down test</P><P>2. Network Activity test</P><P>3. ARP test</P><P>4. Broadcast Ping test</P><P></P><P>can be passed without reachablity between the interface pairs.</P><P></P><P> Can somebody explain this and correct me on this?</P> Mon, 11 Mar 2019 10:34:21 GMT https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771890#M986233 swapnendum 2019-03-11T10:34:21Z https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771891#M986234 <HTML><HEAD></HEAD><BODY><P>No it cannot work.</P><P></P><P>Each of your failover cluster member sends "probes" to his mate on each monitored interface.</P><P></P><P>If it cannot join the other one, it becomes active then.</P><P></P><P>Regards,</P><P></P><P>Gaetan</P></BODY></HTML> Mon, 25 Jun 2007 09:44:48 GMT https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771891#M986234 gaetan.allart 2007-06-25T09:44:48Z https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771892#M986235 <HTML><HEAD></HEAD><BODY><P>Hi .. if the status of the interface (either from layer 1 to layer 3) is not OK, then the failver is triggered. If you are tying not to monitor one interface then you can do that by adding the no monitor-interface if_name command from global config mode. Failover will work as normal but will not check the status of the interface where you entered the mentioned command. by the way the command is on code 7.0 and above</P><P></P><P>I hope it help .. please rate it if it does !!!</P><P></P><P></P></BODY></HTML> Mon, 25 Jun 2007 10:55:07 GMT https://community.cisco.com/t5/network-security/pix-failover-ip-reachability/m-p/771892#M986235 Fernando_Meza 2007-06-25T10:55:07Z