Firewall Wizards mailing list archives
RE: PIX stateful failover and crossover cables
From: "Crissup, John (MBNP is)" <John.Crissup () us millwardbrown com>
Date: Fri, 21 Jan 2005 14:16:42 -0600
I have seen whitepapers from Cisco about configuring a stateful failover link that specifically states not to use a crossover. I'm not sure why, wouldn't think it should matter, but they have put it in writing. I honestly can't remember at the moment if I created a VLAN for two ports, or if I just used a cross-over anyway. I'd have to go look. I would search the CCO site for how to configure the link to find the statement. -- John -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Dave Breiland Sent: Wednesday, January 19, 2005 11:13 AM To: mkrbeck () hushmail com Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] PIX stateful failover and crossover cables I sent the link a minute ago, but the quote resembling your question is... "A dedicated LAN interface and a dedicated switch (or VLAN) is required to implement LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX security appliances." HOWEVER... I know that I have used crossover cables several times... and know many people who feel it is acceptable. It may not be best practice though. Dave mkrbeck () hushmail com wrote:
I recall reading a detailed technical paper recently on the cisco site where it was recommended that pix stateful interface traffic always be passed thru a switch (as opposed to a x-over cable) between a pair of pix chassis, regardless of whether the deployment is serial cable or LAN failover, however I cannot find it again, would anyone have a link for it or a copy ?? thanks Martyn Beck Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ==================================================== This email is confidential and intended solely for the use of the individual or organisation to whom it is addressed. Any opinions or advice presented are solely those of the author and do not necessarily represent those of the Millward Brown Group of Companies. If you are not the intended recipient of this email, you should not copy, modify, distribute or take any action in reliance on it. If you have received this email in error please notify the sender and delete this email from your system. Although this email has been checked for viruses and other defects, no responsibility can be accepted for any loss or damage arising from its receipt or use. ==================================================== _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX stateful failover and crossover cables mkrbeck (Jan 19)
- Re: PIX stateful failover and crossover cables Dave Breiland (Jan 21)
- Re: PIX stateful failover and crossover cables Dave Breiland (Jan 21)
- Re: PIX stateful failover and crossover cables Kerry Thompson (Jan 21)
- Re: PIX stateful failover and crossover cables dave (Jan 21)
- <Possible follow-ups>
- RE: PIX stateful failover and crossover cables Crissup, John (MBNP is) (Jan 21)
- RE: PIX stateful failover and crossover cables Jason Hamilton (Jan 21)