PIX Failover and Redundancy switch replacement
Posted on 2006-11-11
I have got this scenario:
Outside (internet) --- Switch 1 --- Primary PIX --- Core 1 --- LAN
Outside (internet) --- Switch 2 --- Secondary PIX --- Core 2 --- LAN
Switch 1 --- Switch 2 (connected via Ethernet link trunk)
Primary PIX --- Secondary PIX (connected through failover cable via serial interface)
Core 1 --- Core 2 (connected via Ethernet link trunk)
The VPN concentrator is connected between switch 1 (active) and core 1.
We have got active outside switch 1 (2950), active primary PIX (525), and active core 1 (4000).
And we have also got inactive outside switch 2 (2950), inactive secondary PIX (525), and inactive core 2 (4000).
Redundancy has been taken into consideration.
1- If the primary PIX fails, the standby PIX (secondary) will take over (obvious). Now, will core 1 (active) be replaced by core 2 because the secondary PIX takes over?
2- In a similar way, will switch 1 (active) be replaced by switch 2 because the secondary PIX takes over?
3- Does the same thing happen to the PIX if switch 1 fails or core 1 fails? (i.e. if switch 1 fails, obviously switch 2 takes over; does that mean the primary PIX will be replaced by the secondary one?)
4- If the VPN fails, shouldn’t there have been redundancy? (i.e. is this a drawback in the design?)