Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Failover 1

Status
Not open for further replies.
HTY

HTY

IS-IT--Management
Sep 26, 2002
37
FR
Hi,
I have 2 PIX units in a LAN failover enviroment, each of the 2 units have:
- 1 outside connection.
- 1 inside connection.
- 1 LAN Failover link to the other unit.
- 1 Stateful Failover link to the other unit.

1st question:
What happens if a failure happens on the LAN FO Cable? will the hello messages go through the other interfaces (inside, outside ans stateful FO)? will the PIX units change their roles?

2st question:
What happens if a failure happens on the Stateful FO cable? Will the state synchronization messages go through the other interfaces (inside, outside and LAN failover)? )? will the PIX units change their roles?

3rd question:
What happens if a failure happens on both Stateful and LAN FO cables???

Thanks for your answers.


Hicham
 
Sort by date Sort by votes
The hello packets sent across the Ethernet interfaces merely determine if the interfaces are up and working. They do not send failover status messages (unless the interface is configured as the LAN failover int).

Answers to the questions:

1st question
If the failover cable is severed or unplugged from EITHER unit, failover switching is disabled. Whichever unit was active at the time remains active.

2nd question
A failure in the stateful failover cable would disable stateful failover. Stateful messages do not go through the network interfaces. "Regular" failover would continue to work.

3rd question
Switching would be disabled as well as stateful failover. The primary unit would continue to function.
 
Upvote 0 Downvote
you have two pix firwall and statful failover is configured proper, if on usit fails, the other unit will
assume the roll. Taking all the ip address, an the complate configuration of the failed unit. you the admin will know somthing happeen, but the users will not be effcted.
 
Upvote 0 Downvote
To all,

My question is:

1. Can you configure the Fiber failover cable for all failover and eliminate the statefule failover cable (serial?)

IE: Do you need both cables connected for proper operation?

thanks

Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
61
xwray
xwray
TierOneTech
  • Locked
  • Question
TZ105 - can I define a second WAN interface for failover?
Replies
1
Views
77
jcarmichael1203
jcarmichael1203
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
71
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
138
quazimotto
quazimotto
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
58
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top