PIX in Failover mode

Posted on 2006-06-08
Last Modified: 2013-11-16
I have a PIX with 6 FE ports and VAC. I have bought a FO unit direct from Cisco. I plan on using a Cisco 3560G layer 3 switch for VLANing as well. I have a read a lot about setting this up, but still do not understand some of this stuff.

1) Why would it not be wise to connect all of the FE ports from both PIXs to the same layer 3 switch if you are VLANing? Is it a security concern?
2) Do I have to configure a unique IP for each interface on both PIXs? I Would the below IP scheme work right?
3) And If I assign these interfaces to these VLANs, how do I get them to communicate with a router in the same rack that is managed by a third-party?

***** PUBLIC IPs ARE FAKE*********

E0  (VLAN 55)
E1   (VLAN 248)
E2      (VLAN 11)
E3   (VLAN 240)
E4    unused
E5    unused

E0   (VLAN 55)
E1   (VLAN 248)
E2       (VLAN 11)
E3   (VLAN 240)
E4   unused
E5   unused

????????? OR AM I TOTALLY OFFBASE??????????
Question by:Kjohnsting
    1 Comment
    LVL 11

    Accepted Solution

    1)Typically Physical segragation is better than logical. Simply due to the potential of a misconfiguration of the switch allowing access between Vlans and or exploitation of the switch.

    2)Your addressing scheme seems correct. And yes each interface requires its own ip. What will happen is the FO will take the primary address in the event of FO.

    3) Routes..


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
    Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now