supportguy99
asked on
PIX stateful failover config help
I wish to implement a failover between two 515e's
It needs to be stateful.
failover ip address inside 192.168.1.x
failover ip address outside 217.xxx.xxx.x
nameif ethernet2 state security25
interface ethernet2 100full
ip address state 217.xxx.xxx.x 255.255.255.0
failover ip address state 217.xxx.xx.x
failover link state
Is this config correct? or is there anything else I need to add. Also do I need to put any config on the second PIX?
Thanks
It needs to be stateful.
failover ip address inside 192.168.1.x
failover ip address outside 217.xxx.xxx.x
nameif ethernet2 state security25
interface ethernet2 100full
ip address state 217.xxx.xxx.x 255.255.255.0
failover ip address state 217.xxx.xx.x
failover link state
Is this config correct? or is there anything else I need to add. Also do I need to put any config on the second PIX?
Thanks
Previous EE Solution may be helpful as well.
Setting up failover on Cisco PIX 515E firewalls:
https://www.experts-exchange.com/questions/20716348/Setting-up-failover-on-Cisco-PIX-515E-firewalls.html
Setting up failover on Cisco PIX 515E firewalls:
https://www.experts-exchange.com/questions/20716348/Setting-up-failover-on-Cisco-PIX-515E-firewalls.html
Previous EE Solution:
Ciso PIX 515e in Failover Config- Walkthrough:
https://www.experts-exchange.com/questions/21326240/Ciso-PIX-515e-in-Failover-Config-Walkthrough-help.html
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html
--------------------------
<I wish to implement a failover between two 515e's ... It needs to be stateful.>
Config/Example -- Failover Communication --
Frequently Asked Failover Questions -- Stateful Failover Questions --
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/failover.htm
Ciso PIX 515e in Failover Config- Walkthrough:
https://www.experts-exchange.com/questions/21326240/Ciso-PIX-515e-in-Failover-Config-Walkthrough-help.html
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html
--------------------------
<I wish to implement a failover between two 515e's ... It needs to be stateful.>
Config/Example -- Failover Communication --
Frequently Asked Failover Questions -- Stateful Failover Questions --
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/failover.htm
ASKER
Ive read all those guides before....I just want to know if what I've written down is correct.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
But the LAN connection can just be a crossover cable?
and I would still use the failover cable too.
and I would still use the failover cable too.
You need to connect using a switch. Crossover cables are not recommended.
Using a failover cable for the heartbeats, and LAN cable for state sharing is fine.
Using a failover cable for the heartbeats, and LAN cable for state sharing is fine.
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
Have you resolved this problem?
Can you close this question?
Thanks!
http://www.cisco.com/warp/public/110/failover.html
You can only achieve stateful failover if you configure over the LAN, instead of going via the failover cable.