PIX525: Need Failover help

Discussion in 'Cisco' started by Jon Doe, Aug 18, 2006.

  1. Jon Doe

    Jon Doe Guest

    Hi everyone,

    My PIX525 (running PIX 7.1(2)) currently has the failover serial cable
    connected as well as a cross-over cable connected to a 10/100 port (LAN
    failover is not currently enabled though). I've had a couple of unexpected
    failovers happen, and when these happen, we lose connection. This has made
    me want to go ahead and enable LAN failover so as to be able to take
    advantage of not having those network hiccups during failovers. The issue is
    that I actually have gig ports on this FW, but the failover is set up on a
    10/100 port. I understand that it is recommended to have the LAN failover on
    the fastest port.

    The situation with the 2 gig ports I have (both are fiber connected) is that
    Gigport0 is configured as the "inside" interface with no sub interfaces.
    Gigport1 is also enabled, and with 7 subinterfaces. I've heard that it is
    also recommended to dedicate a port to failover rather than having any
    subinterfaces sharing it (is that true?). Note than the "inside" network
    consists of about 10 VLANs... and lots of traffic.

    My idea is to move the "inside" interface to Gigport1 as a subinterface
    thereby freeing up Gigport0 to be used exclusively as the failover port.
    Does this plan seem like a good idea? Is there anything I should watch out
    for? The fiber cable connecting the gig ports are connected to switches...
    would it still work given that primary and secondary PIXs won't be directly
    connected to each other? Also, what if I just enable LAN failover leaving it
    on the 10/100 port?

    Any advice would be greatly appreciated. Thanks!

    Kevin
     
    Jon Doe, Aug 18, 2006
    #1
    1. Advertisements

  2. Jon Doe

    Jon Doe Guest

    Anyone?
     
    Jon Doe, Aug 19, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.