The failover cable between the PIX is just for failover. If you want to
keep state, you have to use an ethernet link between the two.
Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jean-Pierre Harvey
Sent: Wednesday, June 20, 2001 7:38 PM
To: 'Settle, Sean'; '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: Cisco PIX: questions
See in-line comments below
From: Settle, Sean [mailto:[EMAIL PROTECTED]]
Subject: RE: Cisco PIX: questions
c) For statefull failover on Gigabit enviorment (and working also
with very high bandwith requirements), does the "link" between the
PIXes need to be gigabit too? Can the statefull failover keep up
with high bandwith?
c) Not 100% certain but my gut tells me that a fast ethernet link will be
sufficient
The PIX uses a serial connection to do stateful failover, not ethernet or
other, so you have to PIX connected to the gigabit ethernet network with a
serial cable in between. When one PIX fails the other assumes the MAC and IP
addresses of the previously active PIX.
ie.
PIX1---\
| \
Serial ----- Switch ----- Router
| /
PIX2---/
d) Version 6 allows SSHv1 support.
As does 5.3
Regards
JP
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
