Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
0
Helpful
4
Replies

LAN Base versus Crossover cable statefull Failover

aessome
Level 1
Level 1

‎11-15-2003 05:05 AM - edited ‎03-09-2019 05:32 AM

could any one tel me the better configuration method for failover ?

Thanks

AFE

Labels:
0 Helpful
4 Replies 4

scoclayton
Level 7
Level 7

‎11-15-2003 06:39 AM

Hi,

I am not 100% sure exactly what you are asking because LAN based failover and staeful failover are not comparable ways to do failover. Failover can either be LAN based (using an ethernet cable on a dedicated interface) or you can use the serial failover cable. If this is what you are asking, then the preferred method is still to use the serial cable. The reason for this is because there is a lead in the serial cable that is solely dedicated to detecting power loss on the other side. As a result, failover detection due to power loss on the other side occurs faster. If the two PIX's are physically more than 6 feet apart, then you will be limited to using LAN based failover. This solution works well outside of detecting a power loss on the mate quickly.

Stateful failover can be used (although, it is not required) with both methods. Stateful failover is the method we use to share state between the two PIX's so if a failover occurs, the stand-by PIX is able to seemlessly continue the current conns from the primary.

Hope this helps.

Scott

0 Helpful

aessome
Level 1
Level 1
In response to scoclayton

‎11-16-2003 05:36 AM

Hello Scott,

Thanks for yopur replay. At the moment i have a statefull failover with a dedicated serial cable and an crossover cable connected to both PIXs. My problem is: sometimes ( min. One time a week) the Pix is making an unnecessary failover and the losing of VPN Connections are not nice for the customer because 4000 Remote users must setup a new connection to the PIX. what cann be causing this Probl ?

design:

ISP ISP

| |

Router1 Router2

| |

| |

Switch1 Switch2

| |

| |

PIX1----Ethe Crossover cable -----PIX2

----Serial Failover cable-----

| |

| |

Switch1 Switch2

| |

LAN LAN

0 Helpful

scoclayton
Level 7
Level 7
In response to aessome

‎11-17-2003 05:39 AM

OK, so we are actually trying to determine why a failover is occuring. Best course of action to get started in this case is to setup a syslog server (if you don't already have one) and see what the logs say when the failover occurs. Once you get this info, let us know and we can help you narrow in on the problem. Too many possibilities to speculate at this point.

Scott

0 Helpful

pavlosd
Level 2
Level 2

‎11-15-2003 12:22 PM

To be honest, I am quite confused with the way you put it. I suppose you mean, have dedicated interface for failover or use a "traffic" interface for LAN failover. The best is of course to have a dedicated interface. Reason is the performance is affected by the traffic. A lan failover is a shared interface with LAN. moreover new PIX ios configurations offer advanced failover options that sometimes require Gigabit ethernet. I am using the interface dedicated failover and I am quite happy with it.

0 Helpful
Customers Also Viewed These Support Documents