The Failover And Stateful Failover Links; Failover Link - Cisco PIX 500 Series Configuration Manual


Chapter 14
Configuring Failover
The FO and FO_AA licenses are intended to be used solely for units in a failover configuration and not
for units in standalone mode. If a failover unit with one of these licenses is used in standalone mode, the
unit reboots at least once every 24 hours until the unit is returned to failover duty. A unit with an FO or
FO_AA license operates in standalone mode if it is booted without being connected to a failover peer
with a UR license. If the unit with a UR license in a failover pair fails and is removed from the
configuration, the unit with the FO or FO_AA license does not automatically reboot every 24 hours; it
operates uninterrupted unless it is manually rebooted.
When the unit automatically reboots, the following message displays on the console:
=========================NOTICE=========================
This machine is running in secondary mode without
a connection to an active primary PIX. Please
check your connection to the primary system.
REBOOTING....
========================================================
The ASA 5500 series adaptive security appliance platform does not have this restriction.

The Failover and Stateful Failover Links

This section describes the failover and the Stateful Failover links, which are dedicated connections
between the two units in a failover configuration. This section includes the following topics:
• Failover Link
• Stateful Failover Link

Failover Link

The two units in a failover pair constantly communicate over a failover link to determine the operating
status of each unit. The following information is communicated over the failover link:
• The unit state (active or standby).
• Power status (cable-based failover only—available only on the PIX 500 series security appliance).
• Hello messages (keep-alives).
• Network link status.
• MAC address exchange.
• Configuration replication and synchronization.
Caution
All information sent over the failover and Stateful Failover links is sent in clear text unless you secure
the communication with a failover key. If the security appliance is used to terminate VPN tunnels, this
information includes any usernames, passwords and preshared keys used for establishing the tunnels.
Transmitting this sensitive data in clear text could pose a significant security risk. We recommend
securing the failover communication with a failover key if you are using the security appliance to
terminate VPN tunnels.
On the PIX 500 series security appliance, the failover link can be either a LAN-based connection or a
dedicated serial Failover cable. On the ASA 5500 series adaptive security appliance, the failover link can
only be a LAN-based connection.
This section includes the following topics:

Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Understanding Failover, page 14-3
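The Caution in the Failover Link section can be checked against a saved configuration. The Python script below is an added example, not part of the Cisco manual: it assumes the input is running-configuration text in which a bare "failover" line means failover is enabled and a "failover key" line means a key is set. The sample configurations are constructed and the severity labels are the example's own convention.

```python
import re

# Constructed sample running-config text (not from the manual or a real device).
SAMPLE_NO_KEY = """\
hostname pix-a
failover
failover lan unit primary
failover lan interface folink Ethernet2
failover lan enable
failover link statelink Ethernet3
crypto map outside_map interface outside
tunnel-group 192.0.2.10 type ipsec-l2l
"""
SAMPLE_WITH_KEY = SAMPLE_NO_KEY + "failover key *****\n"
SAMPLE_NO_VPN = "hostname pix-b\nfailover\nfailover link statelink Ethernet3\n"
SAMPLE_STANDALONE = "hostname pix-c\nno failover\ntunnel-group 192.0.2.10 type ipsec-l2l\n"

# Lines that indicate the appliance terminates VPN tunnels.
VPN_LINE = re.compile(r"^(crypto map|tunnel-group|isakmp key|crypto isakmp key)\s")


def audit_failover(config_text):
    """Return a list of (severity, message) findings; empty means no issue found."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    if "failover" not in lines:            # a bare 'failover' line enables failover
        return []
    if any(ln.startswith("failover key ") for ln in lines):
        return []                          # failover communication is secured with a key
    links = ["failover link"]
    if any(ln.startswith("failover link ") for ln in lines):
        links.append("Stateful Failover link")
    vpn = any(VPN_LINE.match(ln) for ln in lines)
    # Severity labels are this example's own convention, not Cisco's.
    severity = "HIGH" if vpn else "MEDIUM"
    detail = "VPN usernames, passwords and preshared keys are exposed" if vpn \
        else "unit state and replicated configuration are exposed"
    return [(severity, f"no 'failover key': {' and '.join(links)} in clear text; {detail}")]


if __name__ == "__main__":
    for name in ("SAMPLE_NO_KEY", "SAMPLE_WITH_KEY", "SAMPLE_NO_VPN", "SAMPLE_STANDALONE"):
        print(name, audit_failover(globals()[name]))
```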
