Re: PIX FO Question

haithamnofal · ‎05-28-2006

Hi All,

I have two PIX units for FO purpose; the 2 units have exaclty identical chassis but the only difference is in the VAC+ module where the primary has VAC+ module whileas the secondary does NOT.

Would this affect me from going ahead and implementing the 2 units in FO?

Regards,

Haitham

a.kiprawih · ‎05-28-2006

Hi Haitam,

I don't think it will affect the failover, as Cisco does mentioned the failover requirements for both PIX devices only include:

•Same number and type of interfaces

•Software version

•Activation key type (DES or 3DES)

•Flash memory

•Amount of RAM

•At least ONE unit with UR license and other FO.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html#wp1025358

Rgds,

AK

a.kiprawih · ‎05-28-2006

On the other hand, Cisco also had the statement stating that this card is integrated with PIX 525 unrestricted (UR) and failover (FO) bundles.

*http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a008017279d.html#wp1045408

If your FO unit does not have this card, you probably can still run your VPN services via the PIX OS/software feature. But all VPN processing load will be fully handled by PIX. This probably explain why the hardware like VAC+ is not stated as part of the Failover requirements.

But I think it is best to have this card in your FO unit to resume or provide site-to-site or remote access VPN services on similar capacity and performance. The VAC+ card is meant to offload and provide high VPN services performance in PIX.

*http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b09.html

*http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_data_sheet09186a0080210cd9.html

Rgds,

AK