[c-nsp] PIX 7.0 Failover Question/Problem
Jimmy Changa
changaorama at gmail.com
Sun Jun 19 10:32:55 EDT 2005
Hi Folks,
I have 2 questions, one of them may be more of a problem then a question.
Question 1.
Should I be able to telnet secondary/standby unit via its assigned IP?
My active unit is x.x.x.2 and the standby is x.x.x.3. I cant ping or
telnet x.x.x.3.
Question 2.
With a Active/Standby Cable-based w/ Stateful LAN, what is the
expected time frame for failover to complete. When I manually failover
the active to the standby it take between 45 to 60 seconds. I also
noticed the adjacent routers show it looses OSPF neighbor status with
the firewall during this time. Ill add the failover portions of my
config.
Thanks,
Joe
interface Ethernet0
speed 100
duplex full
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.240 standby x.x.x.x
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0 standby 192.168.10.3
!
interface Ethernet2
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface Ethernet2.56
vlan 56
nameif dmz
security-level 50
ip address 10.101.0.1 255.255.255.0 standby 10.101.0.11
!
interface Ethernet3
description STATE Failover Interface
!
failover
failover polltime unit 1 holdtime 3
failover key *****
failover replication http
failover link state Ethernet3
failover interface ip state 10.50.1.33 255.255.255.252 standby 10.50.1.34
monitor-interface outside
monitor-interface inside
monitor-interface dmz
More information about the cisco-nsp
mailing list