Thursday, January 15, 2009

firewall-wizards Digest, Vol 33, Issue 3


Today's Topics:

1. Re: PIX515 failover (Chris Myers)


----------------------------------------------------------------------

Message: 1
Date: Thu, 15 Jan 2009 18:10:48 -0600
From: Chris Myers <clmmacunix@charter.net>
Subject: Re: [fw-wiz] PIX515 failover
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: firewall-wizards@listserv.cybertrust.com
Message-ID: <91FB3C42-E66D-4CD4-8284-E14CBB73A956@charter.net>
Content-Type: text/plain; charset="us-ascii"; Format="flowed";
DelSp="yes"

Meindert,

Just use the LAN failover. It is going to be stateful, but you really
want it. Configure both offline. You will need to use the template in
the following URL. If for some reason you cannot open it up, just
apply the following format.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029143

For v7.0 and above, you only have to configure the link interface. The
interfaces have to be dedicated and in the same VLAN.

For v6.3:

pix1(config)# failover ip address outside 172.23.58.51
pix1(config)# failover ip address inside 10.0.0.4
pix1(config)# failover ip address stateful 10.0.1.4
pix1(config)# failover ip address lanlink 10.0.2.4
pix1(config)# failover
pix1(config)# failover poll 15
pix1(config)# failover lan unit primary
pix1(config)# failover lan interface lanlink
pix1(config)# failover lan key 12345678
pix1(config)# failover lan enable

*****************************************

pix2(config)# nameif ethernet3 lanlink security30
pix2(config)# interface ethernet3 100full
pix2(config)# ip address lanlink 10.0.2.2 255.255.255.0
pix2(config)# failover ip address lanlink 10.0.2.4
pix2(config)# failover
pix2(config)# failover lan unit secondary (optional)
pix2(config)# failover lan interface lanlink
pix2(config)# failover lan key 12345678
pix2(config)# failover lan enable

IP addresses on each interface like normal.

Chris Myers
clmmacunix@charter.net

John 1:17
For the Law was given through Moses; grace and truth were realized
through Jesus Christ.


Go Vols!!!!

On Jan 15, 2009, at 4:39 AM, Meindert Uitman wrote:

> Hi there,
>
> Cisco states that a failover config needs the same hardware for both
> nodes. I have two 515's. RAM, SW version, interfaces and licences are no
> problem, but processor types are different. Does anyone have experience
> with such a config when set for failover? I do not need the stateful
> failover option.
>
> Thanks in advance,
>
> Meindert.
>
> .- ...- .. -.-. AVIC B.V.
> Koeweistraat 3
> 4181 CD Waardenburg
> The Netherlands
>
> tel: +31(0)418674644
> fax: +31(0)418674111
> Mobile: +31(0)622744718
> e-mail: meindert.uitman@avic.nl


------------------------------
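
A consistency check for the two units' failover lines from the message above, as an added example (not part of the original message and not Cisco tooling). The function names, the checks and the MIN_KEY_LEN policy are assumptions; the input is the configuration quoted in the message, which uses 12345678 as its shared key.

```python
import re

PROMPT = re.compile(r"^\S+\s*\(config\)#\s*")  # strips a leading "pix2(config)# "
MIN_KEY_LEN = 12                               # assumed local policy, not a Cisco limit

# Sample input: the failover lines from the message above.
PRIMARY = """pix1(config)# failover ip address lanlink 10.0.2.4
pix1(config)# failover
pix1(config)# failover lan unit primary
pix1(config)# failover lan interface lanlink
pix1(config)# failover lan key 12345678
pix1(config)# failover lan enable"""
SECONDARY = PRIMARY.replace("pix1", "pix2").replace("primary", "secondary (optional)")

def parse_failover(text):
    cfg = {"ip": {}, "on": False, "lan_on": False}
    for raw in text.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if not w or w[0] != "failover":
            continue
        if len(w) == 1:
            cfg["on"] = True
        elif w[1:3] == ["ip", "address"] and len(w) >= 5:
            cfg["ip"][w[3]] = w[4]             # interface name -> failover address
        elif w[1:3] == ["lan", "enable"]:
            cfg["lan_on"] = True
        elif w[1] == "lan" and len(w) >= 4:
            cfg[w[2]] = w[3]                   # unit / interface / key
    return cfg

def check_pair(a_text, b_text):
    a, b = parse_failover(a_text), parse_failover(b_text)
    findings = []
    for name, u in (("unit A", a), ("unit B", b)):
        if not (u["on"] and u["lan_on"]):
            findings.append(f"{name}: 'failover' or 'failover lan enable' missing")
        key = u.get("key", "")
        if len(key) < MIN_KEY_LEN or key.isdigit():
            findings.append(f"{name}: weak or placeholder failover lan key")
    if a.get("key") != b.get("key"):
        findings.append("failover lan key differs between units")
    if a.get("interface") != b.get("interface"):
        findings.append("failover lan interface differs between units")
    if {a.get("unit"), b.get("unit")} != {"primary", "secondary"}:
        findings.append("units must be one primary and one secondary")
    link = a.get("interface")
    if a["ip"].get(link) != b["ip"].get(link):
        findings.append("failover address on the LAN link differs between units")
    return findings
```

Run against the configuration as posted, the only findings are the two key warnings: the units agree with each other, but the sample key should be replaced before deployment.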

End of firewall-wizards Digest, Vol 33, Issue 3
***********************************************
