Link to home
Start Free TrialLog in
Avatar of prodriveit
prodriveit

asked on

PIX 515 Failover problems since 3DES license upgrade....

Hi,

I have a problem with failover on a PIX setup.

Two pixes - both 515s one with Unrestricted license, one a failover bundle (so limited to run in secondary mode only).

Up to the point that I put the 3DES license on the 2 devices (by giving serial number to cisco and receiving  new software key) the failover was working fine - now they respond to sh failover commands as follows:

Primary:

Failover Off
Cable status: Normal
Failover unit Primary
Failover LAN Interface: not Configured
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum

Secondary:

Failover On
Cable status: Normal
Failover unit Secondary
Failover LAN Interface: N/A - Serial-based failover enabled
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum
Version: Ours 7.2(1), Mate Unknown
Last Failover at: 07:03:27 UTC Mar 2 2007
        This host: Secondary - Active
                Active time: 825 (sec)
                  Interface outside (**.**.**.**): Normal (Waiting)
                  Interface inside (192.168.40.254): Normal (Waiting)
        Other host: Primary - Failed
                Active time: 0 (sec)
                  Interface outside (**.**.**.**): Unknown (Waiting)
                  Interface inside (192.168.40.253): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : Unconfigured.

I have tried forcing the standby in to standby mode using the "no failover active" and also forcing the primary in to active mode by issuing a failover active command and also tried reloading both devices to reset the failover status completely - nothing is working.

Anyone any ideas?

DS
Avatar of mreece983
mreece983

It sounds like you may have lost the failover configuration commands on the primary unit. Check out this link and read over the "Configuring Cable-Based Active/Standby Failover (PIX Security Appliance Only)" section and make sure all commands are present on both PIXs.
ASKER CERTIFIED SOLUTION
Avatar of mreece983
mreece983

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of prodriveit

ASKER

Hi,

I tried all this and got nowhere... .it's looking like I might have to reset back to factory config and try again on site. Any other pointers? BTW - how do I set a pix back to factory config quickly?

DS
Hi All,

Just to let you know that when I removed the standby IP commands from the config and re-added them, the failover picked up again. I didn't do this on first attempt.

Thanks to mcreece983 for his help.

DS