LAN-based failover overcomes the distance limitations imposed by the six-foot failover cable. With LAN-based failover, an Ethernet cable can be used to replicate configuration from the primary PIX Security Appliance to the secondary PIX. The special failover cable is not required. Instead, LAN-based failover requires a dedicated LAN interface and a dedicated switch, hub, or VLAN. A crossover Ethernet cable should not be used to connect the two units.

The same LAN interface used for LAN-based failover can also be used for stateful failover. However, the interface needs enough capacity to handle both the LAN-based failover and stateful failover traffic. If the interface does not have the necessary capacity, use two separate, dedicated interfaces.

LAN-based failover allows traffic to be transmitted over Ethernet connections that are relatively less secure than the special failover cable. To secure failover transmissions, LAN-based failover provides message encryption and authentication using a manual pre-shared key.

Complete the following steps to configure LAN-based failover.
Step 1 Install a LAN-based failover connection between the two PIX Security Appliances. Verify that any switch port that connects to a PIX interface is configured to support LAN-based failover. Disconnect the secondary PIX.
Step 2 Configure the primary PIX Security Appliance for failover.
Step 3 Save the configuration of the primary unit to Flash memory.
Step 4 Power on the secondary PIX Security Appliance.
Step 5 Configure the secondary PIX Security Appliance with the LAN-based failover command set.
Step 6 Save the configuration of the secondary unit to Flash memory.
Step 7 Connect the PIX Security Appliance LAN-based failover interface to the network.
Step 8 Reboot the secondary unit.
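
The steps above as a configuration sketch, added here as an example and not taken from the original page. It assumes PIX software version 7.x command syntax; the interface name folink, the port Ethernet3, the addresses and the key placeholder are all constructed for illustration.

```text
! ----- Primary unit (Steps 2 and 3), entered in configuration mode -----
! Enable the dedicated failover port (Ethernet3 is an assumed port).
interface Ethernet3
 no shutdown
! Designate this unit as the primary.
failover lan unit primary
! Name the failover link "folink" (assumed name) and bind it to the port.
failover lan interface folink Ethernet3
! Active and standby addresses on the failover link (constructed values).
failover interface ip folink 172.17.2.1 255.255.255.0 standby 172.17.2.7
! Use the LAN link instead of the serial failover cable.
failover lan enable
! Manual pre-shared key that encrypts and authenticates failover messages.
! Replace the placeholder; the value must be identical on both units.
failover key <shared-secret>
! Turn failover on, then save the configuration to Flash memory.
failover
write memory

! ----- Secondary unit (Steps 5 and 6), failover link still disconnected -----
interface Ethernet3
 no shutdown
! Only the unit role differs from the primary's failover commands.
failover lan unit secondary
failover lan interface folink Ethernet3
failover interface ip folink 172.17.2.1 255.255.255.0 standby 172.17.2.7
failover lan enable
failover key <shared-secret>
failover
write memory

! Step 7: connect the failover interface to the dedicated switch or VLAN.
! Step 8: reboot the secondary so it syncs from the primary.
reload
```

After the secondary comes back up, `show failover` on either unit reports the role and state of each peer.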