6.2 features

rokp
Level 1

Quote from documentation:

A dedicated LAN interface and a dedicated switch/hub (or VLAN) is required to implement LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX Firewalls.

Any special reason you cannot use crossover cable? (Not that it is any problem to implement this with a hub or switch, I'm just curious about it.)

Another thing that kind of bothers me is configuration of secondary failover unit when using certificates w/ IPSec. Does that mean that now the private key can be sniffed on this hub/switch? As far as I know there is no way to get the private key in a standalone (single PIX) configuration, but in failover since you don't configure anything on the secondary unit, this key must somehow be transmitted over a (less secure?) link?

ROK

1 Reply

thomas.chen
Level 6