Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX-525 "Ethernet Only" Failover Question

Status
Not open for further replies.
rsp11

rsp11

IS-IT--Management
Nov 28, 2002
25
GB
Hi All,
We have 2x PIX-525 v6.0(2) with:[ol][li]Serial Failover cable (Cisco special RS-232)[/li] [li]Ethernet Stateful Cable [/li][li] 8 Ethernet ports, 7 used with 1 spare [/li][/ol]Questions?[ol][li]We need to locate these boxes in separate buildings so I need to replace the serial cable with Ethernet. I know I'll need to upgrade to v6.2 but I can't find any resources on the net either from Cisco or anyone else detailing how it is done, i.e. a step-by-step guide. Can anyone help?[/li][li]Can this change be done without downtime, i.e. can I turn off and disconnect the primary, upgrade and reconfigure it, reconnect it to take over as primary (may be no stateful) then do the same with the secondary??[/li][/ol]
 
Sort by date Sort by votes
Upgrade both PIX's to 6.2 or 6.3.1 first.
Then before unhooking the serial cable, enter these commands into the Primary (active) PIX.

failover link nameoffointerface
failover lan unit primary
failover lan interface nameoffointerface
failover lan key myFOpassword

Then issue a write memory
Then issue a write standby
After the syc completed text is seen, you can disconnect the secondary pix and stick it in the other building. If then want the secondary PIX to become the primary PIX, then telnet to the primary PIX and type "failover lan unit secondary".

Definatly upgrade the PIX os first so you can do this with the least amount of downtime. There will be some downtime when you upgrade the PIX's and do the failing over.

-Bad Dos
 
Upvote 0 Downvote
Thanks for that baddos [cheers]

If I make the Secondary the active box, then upgrade the Primary. When I bring the Primary back online, what state will the pair be in? i.e., will I then be able to perform a "stateful" failover back to the Primary or will it be a none-stateful failover.
I am asking this because I've read that both boxes must be at the same level to achieve stateful failover.
I don't mind taking a hit, I just need to be sure I will be...[flush]
 
Upvote 0 Downvote
You need to have one box turned off when you upgrade the OS. THen when it's upgraded, turn it off and repeat the process on the other PIX. You can't have the PIX in failover where they are running different versions.

Your PIX won't be a stateful failover until you have the failover lan option on. But in either case, it doesn't matter which one is active.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DROFNUD
  • Locked
  • Helpful tip
Smartcenter Dashboard - Searching for "Any" keyword
Replies
0
Views
104
DROFNUD
DROFNUD
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
635
intel233
intel233
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
157
brownmab53
brownmab53
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
114
xwray
xwray
TierOneTech
  • Locked
  • Question
TZ105 - can I define a second WAN interface for failover?
Replies
1
Views
121
jcarmichael1203
jcarmichael1203

Part and Inventory Search

Sponsor

Back
Top