RE: [nsp] REG: PIX 520.

From: Mark Persiko (persiko@bvsd.k12.co.us)
Date: Wed May 16 2001 - 12:57:07 EDT


Theoretically, you can use the command "failover link <interface name>" on
any interface to make it the stateful failover interface. You can name each
interface anything you want, I think: the defaults are "inside", "outside",
etc. Just be sure it's consistent on each unit!
 
We have a PIX 515 UR with stateful failover, inside, outside, and two DMZs.
That adds up to five (5) interfaces, so I would seem to be able to surpass
the four interface limit that you found in the documentation.
 
You could always set up your secondary unit with failover on one embedded
interface and do a "show failover" from the primary unit to see if failover
information is being passed correctly.
 
Thanks,
 Mark
 
- Mark C. Persiko, persiko@bvsd.k12.co.us
- MIS Dept, Boulder Valley School District

-----Original Message-----
From: Vinod Anthony Joseph Cherunni [mailto:vac@dsqworld.com]
Sent: Tuesday, May 15, 2001 5:54 AM
To: cisco-nsp@puck.nether.net
Subject: [nsp] REG: PIX 520.

Dear All,

In a PIX 520 configured for failover, I have populated the chassis as
follows -

(a) Each unit has two built in 10/100 ethernet interfaces.

(b) An additional 4 port 10/100 ethernet interface is installed.

If I use the 4 port module to connect to four distinct LANs, can I use the
integrated interface by building a separate LAN used only to pass "stateful"
information between the failover units?

The reason is that the Cisco documentation states that the firewall
software can only support 4 interfaces.

Kindly enlighten me.

With warm regards,

Vinod.


