How Failover Works on the Cisco PIX Firewall

罗蓁蓁

 关注

阅读 27

2022-02-19

The main commands for configuration of failover between two PIX (PIX3 and PIX4)

Primary: PIX3
failover
failover lan unit primary
failover lan interface failover Ethernet3
failover lan enable
failover key cisco
failover link stateful Ethernet4
failover interface ip failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
failover interface ip stateful 192.168.2.1 255.255.255.252 standby 192.168.2.2
int e3
  no shut

Secondary: PIX4 (After open failover feature, the hostname will remain the samas the first active one.)

failover lan unit secondary
failover lan interface failover Ethernet3
failover lan enable
failover key cisco
failover interface ip failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
int e3
  no shut
failover
Primary:
int e4
  no shut

Before enable stateful interface, we check the telnet from inside to outside will be torn down when there's a failover.

Telnet is good.

Perform failover:

The telnet connection is closed immidiately after failover:

Let's enable stateful interface on active PIX:

Use below commands to tell them apart from each other:

We telnet again, we see that the telnet connection is still there after failover:

Let's check the MAC address before and after failover. We see that the MAC address for interface inside, outside and dmz exchanges between Active and Standby.

On SW1 and SW2:

Before failover (Primary as Active, Secondary as Standby)
SW1 connecting PIX3-PrimarySW2 connecting PIX4-Secondary
 110    000c.850e.d4e0    DYNAMIC     Fa1/0/7 110    0015.625a.f4e7    DYNAMIC     Fa1/0/11
 110    0015.625a.f4e7    DYNAMIC     Gi1/0/1 110    0015.632a.96ec    DYNAMIC     Gi1/0/1
 110    0015.632a.96ec    DYNAMIC     Fa1/0/11 110    24b6.57ec.5001    DYNAMIC     Gi1/0/1
 110    00b0.6416.be41    DYNAMIC     Fa1/0/2
 102    0015.625a.f4e6    DYNAMIC     Gi1/0/1 102    0015.625a.f4e6    DYNAMIC     Fa1/0/10
 102    0015.632a.96eb    DYNAMIC     Fa1/0/10 102    0015.632a.96eb    DYNAMIC     Gi1/0/1
 102    001e.7aa4.45b8    DYNAMIC     Fa1/0/1 102    24b6.57ec.5001    DYNAMIC     Gi1/0/1
 172    000d.8810.c538    DYNAMIC     Fa1/0/12 172    000d.8810.c538    DYNAMIC     Gi1/0/1
 172    000d.8810.ca24    DYNAMIC     Gi1/0/1 172    000d.8810.ca24    DYNAMIC     Fa1/0/12
 172    00b0.6428.f341    DYNAMIC     Fa1/0/3 172    00b0.6428.f341    DYNAMIC     Gi1/0/1
 172    24b6.57ec.5001    DYNAMIC     Gi1/0/1
After failover(Primary as Standby, Secondary as Active)
 110    000c.850e.d4e0    DYNAMIC     Fa1/0/7 102    0015.625a.f4e6    DYNAMIC     Gi1/0/1
 110    0015.625a.f4e7    DYNAMIC     Fa1/0/11 102    0015.632a.96eb    DYNAMIC     Fa1/0/10
 110    0015.632a.96ec    DYNAMIC     Gi1/0/1 102    24b6.57ec.5001    DYNAMIC     Gi1/0/1
 110    00b0.6416.be41    DYNAMIC     Fa1/0/2 110    0015.625a.f4e7    DYNAMIC     Gi1/0/1
 102    0015.625a.f4e6    DYNAMIC     Fa1/0/10 110    0015.632a.96ec    DYNAMIC     Fa1/0/11
 102    0015.632a.96eb    DYNAMIC     Gi1/0/1 110    00b0.6416.be41    DYNAMIC     Gi1/0/1
 102    001e.7aa4.45b8    DYNAMIC     Fa1/0/1 110    24b6.57ec.5001    DYNAMIC     Gi1/0/1
 172    000d.8810.c538    DYNAMIC     Gi1/0/1 172    000d.8810.c538    DYNAMIC     Fa1/0/12
 172    000d.8810.ca24    DYNAMIC     Fa1/0/12 172    000d.8810.ca24    DYNAMIC     Gi1/0/1
 172    00b0.6428.f341    DYNAMIC     Fa1/0/3 172    00b0.6428.f341    DYNAMIC     Gi1/0/1
 172    24b6.57ec.5001    DYNAMIC     Gi1/0/1

相关推荐

How to configure Cisco firewall PIX 525 (2)

小猪肥 52 0 0

How program works

MaxWen 50 0 0

how tomcat works 总结

夏天的枫_ 106 0 0

how tcp connection works?

晗韩不普通 156 0 0

cisco firewall开启ASDM管理

西风白羽 19 0 0

how tomcat works 总结 三

纽二 72 0 0

how tomcat works 总结 二

佛贝鲁先生 64 0 0

Cisco防火墙Failover技术

蒸熟的土豆 102 0 0

How a SQL SELECT statement works

12a597c01003 63 0 0

how tomcat works 5 servlet容器 下

凯约 113 0 0

精彩评论(0)

0 0 举报