
Pix 525 Failover setup

mrembetsy
Level 1

I have started to set up an environment for two Pix 525s that will be performing failover. I haven't done this before, so I think I might need some help.

Both pixes are exactly the same software except one has a 3des license and the other does.

Anyhow, I can't afford any disconnects (xlate not copying etc) if there is a failover so from what I have been reading it sounds like a stateful failover is the way to go.

<http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/failover.htm#wp1060018>

I am a bit confused, though, with the physical connections, as I see a failover connection and a state connection, both separate VLANs, and it looks like the failover can be LAN based (i.e. own VLAN etc.) and the stateful is also IP based (seems like this does the syncing?). How do these work together? Cisco recommends a switch in between; why not a cross-over?

Ideally I would like to have

```
6509(1)      6509(2)
    |          |
--3550 Switch---(trunk)
(e0)|          |(e0)
    |          |
Pix-(Switch)--Pix
(e1)|          |(e1)
    |          |
3548-------3548
    |          |
Rest of Network Layer 2 with NAT
```

I am just having a little design trouble and was hoping someone could suggest a better design/outline. Thanks in advance.

Mike


mrembetsy
Level 1

Hi all,

Well, I figured a bit more out about the failover setup on my own here. I understand now that the link for failover is separate from the actual stateful failover connection. Must have been a rough night for me. This does lead me to a couple of other questions which I just can't find an answer on.

What is better, LAN based or cable based?

Also, I noticed that in order to have a stateful failover you need to have a stateful license from Cisco. How can I tell if I have this to set up either LAN based stateful or cable based stateful failover? Below is the show ver from my pix:

```
Cisco PIX Firewall Version 6.2(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

XXXXXXXX up 130 days 19 hours

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash E28F400B5T @ 0xfffd8000, 32KB

0: ethernet0: address is , irq 10
1: ethernet1: address is , irq 11
2: ethernet2: address is , irq 11
3: ethernet3: address is , irq 10
4: ethernet4: address is , irq 9
5: ethernet5: address is , irq 5

Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 8
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

Serial Number: XXXXXXXXX (XXXXXXXXXX)
Running Activation Key: XXXXXXXXX XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX

Configuration last modified by enable_15 at 10:30:27.416 UTC Fri Aug 20 2004
```

Thanks

Mike
