Both PIX's should be Identical hardware and software wise. Depending upon which code version that you are using, the configuration is slightly different. On the primary you will assigns an interface IP address as well as a failover IP address. The secondary(failover) PIX will pull its IP's from the primary config. On older versions of code (5.x,4.x) you will need to connect every interface regardless of whether it Is enabled or shutdown.
This is not a simple thing to understand so I don't want to just post the appropriate commands. If done incorrectly, nothing works. I will however provide some good links! http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm http://www.cisco.com/warp/public/110/top_issues/pix/pix_index.shtml In the case of a failover, the secondary PIX will assume the IP address assigned to the primary. If configured properly with statefull failover, You will maintain all your sessions through the FW. Private Internetwork eXchange. Thanks Larry -----Original Message----- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 12:59 PM To: [EMAIL PROTECTED] Subject: Pix questions [7:43241] I am setting up a Pix 515 Unlimited I got the failover unit. If I want to use the 4-port DMZ card, do I need one for each chassis? What about a 1 Port? If I do need on each, how would you configure a web server to be redundant as well? I know you cant use the Same IP on both cards.. Is there some special software that you need to use to load balance between the DMZ interfaces? Maybe like a virtual IP? Also, what does Pix stand for, is it an Acronym for something? Or just the name of the proprietary embedded OS? Thanks for your help everyone. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43250&t=43241 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
