PIX - Configuring External CA on failover setup

Discussion in 'Cisco' started by Andy M, Jun 22, 2005.

  1. Andy M

    Andy M Guest


    I have a failover pair of Cisco PIX 515Es connecting across the Internet
    to a Cisco VPN concentrator.
    We are using certificates to authenticate the solution.

    Now we have the primary PIX up and running correctly and it has
    authenticated and enrolled to the CA and the VPN connection works fine to
    the concentrator.
    However, when I was testing the failover I could not get a connection to the
    failover PIX.

    When I'm connected to the failover PIX and issue a 'show ca cert' command it
    comes back with nothing, so it would appear that configuring the primary with
    the ca authenticate and ca enroll commands does not configure the failover.

    I have tried to authenticate and enroll the failover PIX to the CA separately
    but only the authenticate works (i.e. root CA cert is pulled back - but not
    a server cert for the PIX).

    Does anyone know if it's possible to get this working with a failover pair of
    PIXes? All the docs on Cisco's website just seem to refer to single PIX
    solutions and no mention is made of failover.


    Andy M, Jun 22, 2005