Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
0
Helpful
1
Replies

Consolidating PIXs , is "same-security-traffic" required?

cbialobzyski
Level 1
Level 1

‎03-18-2006 01:36 PM - edited ‎02-21-2020 12:47 AM

We currently have our Central Office and 4 remote sites all with PIXs (515) connecting with a meshed LAN to LAN tunnels using a service provider network. All either 7.02 Central Office also has a second PIX 515 (v 6.34)that connects via wireless, two campus buildings, each with a 515, also with seperate LAN to LAN tunnels. One is running 7.04 the other not currently connected.

We have added a third interface in the Central Office PIX & would like to

eliminate the second Central Office "wireless" PIX.

Two questions (1) is "same-security-traffic" required to make this work (2) When communicating between the one endpoint of wireless network to the a PIX terminating on the Service provider side will the traffic encapsulate and decapsulate twice, or once?

Thanks in advance for your input.

0 Helpful
1 Reply 1

ebreniz
Level 6
Level 6

‎03-23-2006 10:46 AM

The two units must have the exact same configuration and must run the same software version. This is easily accomplished, since configuration replication occurs over the failover cable, or from the LAN interface configured with failover lan interface interface_name command, from the active unit to the standby unit in these ways:

When the standby unit completes its initial boot-up, the active unit replicates its entire configuration to the standby unit. This occurs if you use a failover cable because you need the initial configuration on both the primary and secondary units in order to identify them as primary and secondary units. This feature has been introduced to overcome the serial cable length and speed.

As commands are entered on the active unit, they are sent across to the standby unit.

When you enter the write standby command on the active unit, you force the entire configuration to memory on the standby unit.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card