troubleshooting Question

PIX 515 Failover problems since 3DES license upgrade....

Avatar of prodriveit
prodriveit asked on
Software FirewallsHardware FirewallsNetworking Hardware-Other
4 Comments1 Solution412 ViewsLast Modified:
Hi,

I have a problem with failover on a PIX setup.

Two pixes - both 515s one with Unrestricted license, one a failover bundle (so limited to run in secondary mode only).

Up to the point that I put the 3DES license on the 2 devices (by giving serial number to cisco and receiving  new software key) the failover was working fine - now they respond to sh failover commands as follows:

Primary:

Failover Off
Cable status: Normal
Failover unit Primary
Failover LAN Interface: not Configured
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum

Secondary:

Failover On
Cable status: Normal
Failover unit Secondary
Failover LAN Interface: N/A - Serial-based failover enabled
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum
Version: Ours 7.2(1), Mate Unknown
Last Failover at: 07:03:27 UTC Mar 2 2007
        This host: Secondary - Active
                Active time: 825 (sec)
                  Interface outside (**.**.**.**): Normal (Waiting)
                  Interface inside (192.168.40.254): Normal (Waiting)
        Other host: Primary - Failed
                Active time: 0 (sec)
                  Interface outside (**.**.**.**): Unknown (Waiting)
                  Interface inside (192.168.40.253): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : Unconfigured.

I have tried forcing the standby in to standby mode using the "no failover active" and also forcing the primary in to active mode by issuing a failover active command and also tried reloading both devices to reset the failover status completely - nothing is working.

Anyone any ideas?

DS
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 4 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros