RE: Cisco PIX: questions

Fri, 22 Jun 2001 17:33:48 -0700 

Good point :-)

-----Original Message-----
From: Settle, Sean [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 9:52 AM
To: 'Jean-Pierre Harvey'; Settle, Sean; '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: RE: Cisco PIX: questions


I was under the impression that simple failover was accomplished with the
serial link (power status, commands, config sync, etc) but that stateful
information (Logical Units) was transferred over a dedicated ethernet link.

Cisco Docs @
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/adva
nced.htm#10796 states:

Step 7   If you are using Stateful Failover, set the Stateful Failover
dedicate interface speed using the 100fullor 1000sxfull option to the
interface command. This is extremely important and must be performed even if
you are using a crossover connector to connect the PIX Firewall units
directly to each other.

Sean Settle
"The thirst after happiness is never extinguished in the heart of man" -
Jean Jacques Rousseau
X Network Services Q NPC X
Phoenix, AZ
Phone:  480-496-5434
Fax:    480-496-5224
SMTP:   [EMAIL PROTECTED]


-----Original Message-----
From: Jean-Pierre Harvey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 20, 2001 4:38 PM
To: 'Settle, Sean'; '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: Cisco PIX: questions


See in-line comments below

From: Settle, Sean [mailto:[EMAIL PROTECTED]]
Subject: RE: Cisco PIX: questions

c) For statefull failover on Gigabit enviorment (and working also 
with very high bandwith requirements), does the "link" between the 
PIXes need to be gigabit too? Can the statefull failover keep up 
with high bandwith?

c) Not 100% certain but my gut tells me that a fast ethernet link will be
sufficient

The PIX uses a serial connection to do stateful failover, not ethernet or
other, so you have to PIX connected to the gigabit ethernet network with a
serial cable in between. When one PIX fails the other assumes the MAC and IP
addresses of the previously active PIX.

ie.

PIX1---\
  |     \
Serial   ----- Switch ----- Router
  |     / 
PIX2---/

d) Version 6 allows SSHv1 support.

As does 5.3

Regards
JP
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to