https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776979#M1005133 <P>Hello,</P><P></P><P>I have a PIX 515E FO and it is st the factory defaults. I simply assigned an IP Address to the inside interface. I am trying to upgrade to 7.0, then 7.1(1), which is the version my UR is on. I can't even ping any host on the same subnet, I am totally lost as to why this is happening? I have the correct subnet mask and ip address scheme, yet i get no responses from any host i try to ping. I have tried hooking up a cross over to a laptop and even that is unsuccessful. I thought that maybe I had a defective unit so I RMA'd it, but the new unit is displaying the same behavior. I am a afraid that I am missing something simple?</P><P></P><P>Here is my show run:</P><P>PIX Version 6.3(5)</P><P>interface ethernet0 auto shutdown</P><P>interface ethernet1 100full</P><P>interface ethernet2 auto shutdown</P><P>interface ethernet3 auto shutdown</P><P>interface ethernet4 auto shutdown</P><P>interface ethernet5 auto shutdown</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>nameif ethernet2 intf2 security4</P><P>nameif ethernet3 intf3 security6</P><P>nameif ethernet4 intf4 security8</P><P>nameif ethernet5 intf5 security10</P><P>enable password xxx</P><P>passwd xxx</P><P>hostname pixfirewall</P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol http 80</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sip 5060carrier, 0 no carrier </P><P>fixup protocol sip udp 5060</P><P>fixup protocol skinny 2000</P><P>fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol tftp 69</P><P>names</P><P>pager lines 24</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>mtu intf2 1500</P><P>mtu intf3 1500</P><P>mtu intf4 1500</P><P>mtu intf5 1500</P><P>no ip address outside</P><P>ip address inside 10.18.1.18 255.255.0.0</P><P>no ip address intf2</P><P>no ip address intf3</P><P>no ip address intf4</P><P>no ip address intf5</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>no failover</P><P>failover timeout 0:00:00</P><P>o failover ip address outside</P><P>no failover ip address inside</P><P>no failover ip address intf2</P><P>no failover ip address intf3</P><P>no failover ip address intf4</P><P>no failover ip address intf5</P><P>pdm history enable</P><P>arp timeout 14400</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00</P><P>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout sip-disconnect 0:02:00 sip-invite 0:03:00</P><P>timeout uauth 0:05:00 absolute</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ max-failed-attempts 3</P><P>aaa-server TACACS+ deadtime 10</P><P>aaa-server RADIUS protocol radius</P><P>aaa-server RADIUS max-failed-attempts 3</P><P>aaa-server RADIUS deadtime 10</P><P>aaa-server LOCAL protocol local</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server community public</P><P>no snmp-server enable traps</P><P>floodguard enable</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>terminal width 80</P><P>Cryptochecksum:xxx</P><P>: end</P><P>pixfirewall(config)# ping 10.18.0.1</P><P> 10.18.0.1 NO response received -- 1000ms</P><P> 10.18.0.1 NO response received -- 1000ms</P><P> 10.18.0.1 NO response received -- 1000ms</P><P>pixfirewall(config)#</P><P>pixfirewall(config)# show int e1</P><P>interface ethernet1 "inside" is up, line protocol is up</P><P> Hardware is i82559 ethernet, address is 000a.b7bc.4bdb</P><P> IP address 10.18.1.18, subnet mask 255.255.0.0</P><P> MTU 1500 bytes, BW 100000 Kbit full duplex</P><P> 1626 packets input, 155696 bytes, 0 no buffer</P><P> Received 1632 broadcasts, 0 runts, 0 giants</P><P> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort</P><P> 0 packets output, 0 bytes, 0 underruns</P><P> 0 output errors, 0 collisions, 0 interface resets</P><P> 0 babbles, 0 late collisions, 0 deferred</P><P> 0 lost carrier, 0 no carrier</P><P> input queue (curr/max blocks): hardware (128/128) software (0/1)</P><P> output queue (curr/max blocks): hardware (0/0) software (0/0)</P><P></P><P>This PIX has a Failover Only (FO) license.</P><P></P><P>Thanks for any help.</P> Mon, 11 Mar 2019 10:10:47 GMT DanielO 2019-03-11T10:10:47Z https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776979#M1005133 <P>Hello,</P><P></P><P>I have a PIX 515E FO and it is st the factory defaults. I simply assigned an IP Address to the inside interface. I am trying to upgrade to 7.0, then 7.1(1), which is the version my UR is on. I can't even ping any host on the same subnet, I am totally lost as to why this is happening? I have the correct subnet mask and ip address scheme, yet i get no responses from any host i try to ping. I have tried hooking up a cross over to a laptop and even that is unsuccessful. I thought that maybe I had a defective unit so I RMA'd it, but the new unit is displaying the same behavior. I am a afraid that I am missing something simple?</P><P></P><P>Here is my show run:</P><P>PIX Version 6.3(5)</P><P>interface ethernet0 auto shutdown</P><P>interface ethernet1 100full</P><P>interface ethernet2 auto shutdown</P><P>interface ethernet3 auto shutdown</P><P>interface ethernet4 auto shutdown</P><P>interface ethernet5 auto shutdown</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>nameif ethernet2 intf2 security4</P><P>nameif ethernet3 intf3 security6</P><P>nameif ethernet4 intf4 security8</P><P>nameif ethernet5 intf5 security10</P><P>enable password xxx</P><P>passwd xxx</P><P>hostname pixfirewall</P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol http 80</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sip 5060carrier, 0 no carrier </P><P>fixup protocol sip udp 5060</P><P>fixup protocol skinny 2000</P><P>fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol tftp 69</P><P>names</P><P>pager lines 24</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>mtu intf2 1500</P><P>mtu intf3 1500</P><P>mtu intf4 1500</P><P>mtu intf5 1500</P><P>no ip address outside</P><P>ip address inside 10.18.1.18 255.255.0.0</P><P>no ip address intf2</P><P>no ip address intf3</P><P>no ip address intf4</P><P>no ip address intf5</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>no failover</P><P>failover timeout 0:00:00</P><P>o failover ip address outside</P><P>no failover ip address inside</P><P>no failover ip address intf2</P><P>no failover ip address intf3</P><P>no failover ip address intf4</P><P>no failover ip address intf5</P><P>pdm history enable</P><P>arp timeout 14400</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00</P><P>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout sip-disconnect 0:02:00 sip-invite 0:03:00</P><P>timeout uauth 0:05:00 absolute</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ max-failed-attempts 3</P><P>aaa-server TACACS+ deadtime 10</P><P>aaa-server RADIUS protocol radius</P><P>aaa-server RADIUS max-failed-attempts 3</P><P>aaa-server RADIUS deadtime 10</P><P>aaa-server LOCAL protocol local</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server community public</P><P>no snmp-server enable traps</P><P>floodguard enable</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>terminal width 80</P><P>Cryptochecksum:xxx</P><P>: end</P><P>pixfirewall(config)# ping 10.18.0.1</P><P> 10.18.0.1 NO response received -- 1000ms</P><P> 10.18.0.1 NO response received -- 1000ms</P><P> 10.18.0.1 NO response received -- 1000ms</P><P>pixfirewall(config)#</P><P>pixfirewall(config)# show int e1</P><P>interface ethernet1 "inside" is up, line protocol is up</P><P> Hardware is i82559 ethernet, address is 000a.b7bc.4bdb</P><P> IP address 10.18.1.18, subnet mask 255.255.0.0</P><P> MTU 1500 bytes, BW 100000 Kbit full duplex</P><P> 1626 packets input, 155696 bytes, 0 no buffer</P><P> Received 1632 broadcasts, 0 runts, 0 giants</P><P> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort</P><P> 0 packets output, 0 bytes, 0 underruns</P><P> 0 output errors, 0 collisions, 0 interface resets</P><P> 0 babbles, 0 late collisions, 0 deferred</P><P> 0 lost carrier, 0 no carrier</P><P> input queue (curr/max blocks): hardware (128/128) software (0/1)</P><P> output queue (curr/max blocks): hardware (0/0) software (0/0)</P><P></P><P>This PIX has a Failover Only (FO) license.</P><P></P><P>Thanks for any help.</P> Mon, 11 Mar 2019 10:10:47 GMT https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776979#M1005133 DanielO 2019-03-11T10:10:47Z https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776980#M1005134 <HTML><HEAD></HEAD><BODY><P>The issue here is the FO license. A PIX with FO license cannot work in standalone mode. This is the reason why you cant ping its interfaces or ping hosts from this PIX. </P><P></P><P>You may try enabling failover on PIX and then try doing upgrade.</P><P></P><P>ip address inside 10.18.1.18 255.255.0.0 </P><P>failover ip address inside 10.18.1.19</P><P>failover</P><P></P><P>Wait for few secs, now this PIX should assume "Active" role and you should be able to ping the interface. Now try the upgrade.</P><P></P><P>Hope this helps.</P><P></P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Tue, 08 May 2007 19:06:42 GMT https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776980#M1005134 vitripat 2007-05-08T19:06:42Z https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776981#M1005135 <HTML><HEAD></HEAD><BODY><P>Thanks so much, this was perfect. I appreciate your assistance greatly.</P></BODY></HTML> Thu, 10 May 2007 15:36:55 GMT https://community.cisco.com/t5/network-security/515e-failover-problems/m-p/776981#M1005135 DanielO 2007-05-10T15:36:55Z