02-20-2004 11:43 AM - edited 02-20-2020 11:15 PM
I have read CISCO guide about how to use pix failover. Here are still
a few questions:
1. same version, I have one version 6.3 (2) and the ohter is 6.3 (3).
is it ok for failover.
2. stateful failover:
1) do we need any configuration on the 2nd unit for stateful failover?
if not, just wondering how replication will happen since there is no
config on the 2nd unit at all including interface type.
2) for stateful failover, we only need a crossover cable, not the
failover cable, right?
3) can we connect the two units with both the failover cable (Primary
and secondary on both ends) and crossover cable for failover interface
(for stateful)?
3) should we config unused interface and connect both unused interface
with crossover cable?
TIA
02-20-2004 12:52 PM
Hi,
1-- Not OK, you have to use same version on both
2--
1) If you have connected the serial cable then , no config is required, config required for LAN based failover though.
2) failover cable (either lan cable, or serial cable) is required in addition to a seprate cable (crossover if connecting directly) for statefull.
3) yes, this is ususally what we do. a failover cable for failover communication and a crossover cable for statfull.
4) No, not required to config the unused interfaces.
by the way, try not to use crossover cable, isntead try to use a straight through cable with a switch in between.
Thanks
Nadeem
02-20-2004 01:56 PM
Thanks.
2 ---
2) and 3).
Stateful need both serial and cat 5. cable, right?
4) I am confused with cisco guide (using pix failover) chapter 10.
on page 10-27 step 2:
"if there are any interface that have not been cobfigued in the non-failover setup. config them at this time with an ip address and a failover ip address. also leave the unused interface unconnected."
on page 10-28 after step 6.
" note:
Pix firewall requies that unused interfaces be connected to the standby unit andthat each unused interface be assigned an ip address. even if an interface is administatively shutdown, the pix firewall will try to send failover check up messages to all internal interface."
page
02-20-2004 02:13 PM
2&3- Yes, (failover uses either serial cable, or can be configured to use lan) for statefull failover, you need cat5
4- not 100% sure, but for unused interfaces, you no need to configure them. could be a document issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide