Re: [fw-wiz] PIX stateful failover and separate external circuits
- From: Florin Andrei <florin@xxxxxxxxxxxxxxx>
- Date: Fri, 16 Feb 2007 09:31:39 -0800
James Burns wrote:
Hi Florin,
The information you have been given is correct. For a Pix to support
stateful failover, a dedicated LAN interface between the two units is
required. You can read more here:
http://www.cisco.com/warp/public/110/failover.html#statefulfailover
Exactly. I just realized I've seen this a while ago - I had a pair of
PIXes in a failover configuration, each one connected to a different
switch, and the inter-connection between switches broke. The firewalls
went nuts trying to kickstart the failover process.
So yeah, the interfaces of the primary and the secondary need to be in
the same LAN segment.
--
Florin Andrei
http://florin.myip.org/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] PIX stateful failover and separate external circuits
- From: Florin Andrei
- Re: [fw-wiz] PIX stateful failover and separate external circuits
- From: James Burns
- [fw-wiz] PIX stateful failover and separate external circuits
- Prev by Date: Re: [fw-wiz] TFTP over vpns
- Next by Date: Re: [fw-wiz] Need help configuring client-side VPN to Cisco 2801
- Previous by thread: Re: [fw-wiz] PIX stateful failover and separate external circuits
- Next by thread: Re: [fw-wiz] PIX stateful failover and separate external circuits
- Index(es):
Relevant Pages
|
