11-07-2001 03:42 AM - edited 03-08-2019 09:05 PM
Is possible to connect two pix in mode failover without failover cable
11-07-2001 10:39 AM
NO, the failover cable is what makes failover possible. The cable is configured so that one end connects specifically to the failover PIX and one end connects to the Master PIX. When you plug in the secondary PIX it automatically downloads a copy of the config. You can add an aditional cable called a "stateful" failover cable. This allows failover without dropping connections. I once dialed up to an external ISP, made a VPN connection to our PIX, walked back to the wiring room and pulled the plug on the main PIX firewall. The VPN connection stayed up... didn't miss a beat. Now that is a nice feature!
11-16-2001 10:03 AM
Most of your information is correct however Stateful failover does nor replicate any sa information and therefore VPN connections will not stay up.
If you know of some undocumented feature please let me know however I suspect you just reconnected with a pre-shared key.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide