[fw-wiz] Implementing PIX Failover over a Fibre link?

Daniel Linder dlinder@iprev.com
Mon, 18 Sep 2000 10:26:00 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --On 09/14/00 11:39:04 AM +0100 gary.smith@ScottishAmicable.co.uk
wrote:
> We have a requirement for multi-site resiliance for one of our
> customers Extranet sites and I would ideally like to have the 2 PIX
> firewalls communicating in the active-passive failover mode,
> however, the two sites are approximately 2 miles distant from one
> another.  The question is, can 2 PIX firewalls operate across a
> fibre link in failover mode, and if so, how?

  If you have some time to experiment and accept the fact that Cisco
won't support it, the cable between the two PIX firewalls is nothing
more than a fancy serial cable.  (These ports terminate on the PIX's
9 pin serial port internally.)  I think I have seen some
serial-to-fiber converters that should work.  Checking
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/inst
all/failover.htm figure 3-5, it appears that there are nine cables
that have to go across so it might make simple serial-to-fiber
converters unworkable.  A serial-to-fiber MUX?

  Good luck!

Dan

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOcY0CGAbmmZFgUT8EQLnjQCfdb0Y3OgAb+zNEnKWCING61lGzMcAnRQT
v3ww5IfXWjRpRtRS/QDwH5PE
=5KOJ
-----END PGP SIGNATURE-----