RE: PIX FW Failover & Hello Packet

[Brian Ford <brford () cisco com>]

Danny,

Please check the documentation at http://www.cisco.com.  Based on your 
"Both PIX Fw is setup with..." description it doesn't sound like you have 
properly configured the PIXen for failover.

Liberty for All,

Brian

At 06:42 PM 5/6/2003 -0400, "Sutantyo, Danny" 
<DSutantyo () livingstonintl com> wrote:
> From: "Sutantyo, Danny" <DSutantyo () livingstonintl com>
> To: "'firewall-wizards () honor icsalabs com'" 
> <firewall-wizards () honor icsalabs com>
> Date: Mon, 5 May 2003 16:45:17 -0400
> Subject: [fw-wiz] RE: PIX FW Failover & Hello Packet
>
> Hi PIX expert
> I need help...
>
> I have 2 PIX 515 fws and setup both of them to run as failover, and also I
> have put the ACL on each interface except "Failover" interface. For some
> reason after failover cmd is turned on for few minutes, then for awhile the
> Standby PIX failed, and it keeps checking all the interfaces.
>
> The question is: The "hello" packet that PIX fw sends to all the interfaces,
> is it multicast or Cisco proprietary like Cisco CDP or something else?
>
> Is it possible the ACL blocks the communication when PIX tries to send the
> "hello" packet, and then it fails?
>
> Both PIX Fw is setup with 2 cables, and all the interfaces are plugged in to
> the switch that does not have trunking, etc.
> The inside int is connected to diff switch from the other 3 switch, and only
> these 3 int are in a waiting mode (waiting for hello packet), but not the
> inside interface and failover int.
>
> Any idea?
>
> Thanks
> Danny


Brian Ford
Consulting Engineer
Corporate Consulting Engineering, Office of the Chief Technology Officer
Cisco Systems, Inc.
http://www.cisco.com
e-mail: brford () cisco com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards