Uses message encryption and authentication to secure failover transmissions

© 2005 Cisco Systems, Inc. All rights reserved. SNPA V4.0—16-21

LAN-based failover overcomes the distance limitations imposed by the six-foot failover cable. With LAN-based failover, an Ethernet cable can be used to replicate configuration from the primary security appliance to the secondary security appliance; the special serial failover cable is not required. Instead, LAN-based failover requires a dedicated LAN interface and a dedicated switch, hub, or switch VLAN. Prior to Version 7, you cannot use a crossover Ethernet cable to connect the two security appliances for LAN-based failover.

The same LAN interface used for LAN-based failover can also be used for stateful failover. However, the interface needs enough capacity to handle both the LAN-based failover and stateful failover traffic. If the interface does not have the necessary capacity, use two separate, dedicated interfaces.

LAN-based failover carries failover traffic over Ethernet connections, which are less secure than the special failover cable. To secure these transmissions, LAN-based failover provides message encryption and authentication using a manual pre-shared key.

Note: Starting with PIX Security Appliance Version 7.0, a crossover Ethernet cable can also be used for LAN-based failover cabling. Both straight and crossover cables can be used for ASA LAN-based failover cabling.
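The shared-key and shared-interface points above can be checked against a saved configuration. The following audit script is an added example, not part of the course material or any Cisco tooling; the command forms it matches (`failover lan interface`, `failover key`, `failover lan key`, `failover link`) and the sample configurations are assumptions made for illustration.

```python
import re

# Assumed command forms (not shown on the page):
#   failover lan interface <name> [<phys>]  -> LAN-based failover in use
#   failover key <secret>                   -> shared key (7.x syntax)
#   failover lan key <secret>               -> shared key (6.x syntax)
#   failover link <name> [<phys>]           -> stateful failover interface
LAN_IF = re.compile(r"^failover lan interface (\S+)")
KEY = re.compile(r"^failover (?:lan )?key \S+")
LINK = re.compile(r"^failover link (\S+)")


def audit_failover(config_text):
    """Return a list of findings for the failover section of a config."""
    lan_if = link_if = None
    has_key = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", ":", "no ")):
            continue  # skip blanks, comments and negated commands
        if m := LAN_IF.match(line):
            lan_if = m.group(1)
        elif KEY.match(line):
            has_key = True
        elif m := LINK.match(line):
            link_if = m.group(1)

    findings = []
    if lan_if is None:
        return findings  # LAN-based failover is not configured
    if not has_key:
        findings.append(f"NO_KEY: LAN-based failover on '{lan_if}' has no shared key")
    if link_if == lan_if:
        findings.append(f"SHARED_LINK: stateful failover also uses '{lan_if}'; check capacity")
    return findings


# Constructed sample configurations for illustration.
UNKEYED = """\
failover
failover lan unit primary
failover lan interface folink Ethernet3
failover link folink
failover interface ip folink 172.17.1.1 255.255.255.0 standby 172.17.1.7
"""
KEYED = UNKEYED + "failover key *****\n"

if __name__ == "__main__":
    for name, cfg in (("unkeyed", UNKEYED), ("keyed", KEYED)):
        print(name, audit_failover(cfg))
```
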
