PIX525: Need Failover help

Discussion in 'Cisco' started by Jon Doe, Aug 18, 2006.

  1. Jon Doe

    Jon Doe Guest

    Hi everyone,

    My PIX525 (running PIX 7.1(2)) currently has the failover serial cable
    connected as well as a cross-over cable connected to a 10/100 port (LAN
    failover is not currently enabled though). I've had a couple of unexpected
    failovers happen, and when these happen, we lose connection. This has made
    me want to go ahead and enable LAN failover so as to be able to take
    advantage of not having those network hiccups during failovers. The issue is
    that I actually have gig ports on this FW, but the failover is set up on a
    10/100 port. I understand that it is recommended to have the LAN failover on
    the fastest port.

    The situation with the 2 gig ports I have (both are fiber connected) is that
    Gigport0 is configured as the "inside" interface with no sub interfaces.
    Gigport1 is also enabled, and with 7 subinterfaces. I've heard that it is
    also recommended to dedicate a port to failover rather than having any
    subinterfaces sharing it (is that true?). Note than the "inside" network
    consists of about 10 VLANs... and lots of traffic.

    My idea is to move the "inside" interface to Gigport1 as a subinterface
    thereby freeing up Gigport0 to be used exclusively as the failover port.
    Does this plan seem like a good idea? Is there anything I should watch out
    for? The fiber cable connecting the gig ports are connected to switches...
    would it still work given that primary and secondary PIXs won't be directly
    connected to each other? Also, what if I just enable LAN failover leaving it
    on the 10/100 port?

    Any advice would be greatly appreciated. Thanks!

    Kevin
    Jon Doe, Aug 18, 2006
    #1
    1. Advertising

  2. Jon Doe

    Jon Doe Guest

    Anyone?

    "Jon Doe" <> wrote in message
    news:...
    >
    > Hi everyone,
    >
    > My PIX525 (running PIX 7.1(2)) currently has the failover serial cable
    > connected as well as a cross-over cable connected to a 10/100 port (LAN
    > failover is not currently enabled though). I've had a couple of unexpected
    > failovers happen, and when these happen, we lose connection. This has made
    > me want to go ahead and enable LAN failover so as to be able to take
    > advantage of not having those network hiccups during failovers. The issue
    > is that I actually have gig ports on this FW, but the failover is set up
    > on a 10/100 port. I understand that it is recommended to have the LAN
    > failover on the fastest port.
    >
    > The situation with the 2 gig ports I have (both are fiber connected) is
    > that Gigport0 is configured as the "inside" interface with no sub
    > interfaces. Gigport1 is also enabled, and with 7 subinterfaces. I've heard
    > that it is also recommended to dedicate a port to failover rather than
    > having any subinterfaces sharing it (is that true?). Note than the
    > "inside" network consists of about 10 VLANs... and lots of traffic.
    >
    > My idea is to move the "inside" interface to Gigport1 as a subinterface
    > thereby freeing up Gigport0 to be used exclusively as the failover port.
    > Does this plan seem like a good idea? Is there anything I should watch out
    > for? The fiber cable connecting the gig ports are connected to switches...
    > would it still work given that primary and secondary PIXs won't be
    > directly connected to each other? Also, what if I just enable LAN failover
    > leaving it on the 10/100 port?
    >
    > Any advice would be greatly appreciated. Thanks!
    >
    > Kevin
    >
    >
    >
    Jon Doe, Aug 19, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alec Waters
    Replies:
    0
    Views:
    1,491
    Alec Waters
    Jun 9, 2004
  2. domini

    pix525

    domini, Oct 18, 2004, in forum: Cisco
    Replies:
    4
    Views:
    772
  3. Hoffa
    Replies:
    4
    Views:
    1,019
    Hoffa
    Nov 8, 2006
  4. Brian
    Replies:
    1
    Views:
    329
    Martin Bilgrav
    Aug 17, 2007
  5. Pit
    Replies:
    0
    Views:
    1,117
Loading...

Share This Page