PIX 515 failover on power failure.

btimby_indy
Level 1

I have two PIX 515 firewalls in failover configuration. If I unplug the active unit from the network, failover occurs as it should. However, if I turn off the active unit, no failover occurs. When I turn the active back on, failover occurs to the standby unit.

This is the state shown while the active is powered down.

--

pix01# show fail

Failover On

Serial Failover Cable status: Other side powered off

Reconnect timeout 0:00:00

Poll frequency 3 seconds

Last Failover at: 10:26:39 UTC Tue Feb 7 2006

This host: Primary - Standby

Active time: 0 (sec)

Interface outside (10.1.9.88): Normal

Interface inside (172.16.180.253): Normal

Interface unused0 (192.168.2.2): Link Down (Shutdown)

Interface unused1 (192.168.3.2): Link Down (Shutdown)

Interface unused2 (192.168.4.2): Link Down (Shutdown)

Other host: Secondary - Active

Active time: 192 (sec)

Interface outside (10.1.9.86): Normal

Interface inside (172.16.180.254): Normal

Interface unused0 (192.168.2.1): Link Down (Shutdown)

Interface unused1 (192.168.3.1): Link Down (Shutdown)

Interface unused2 (192.168.4.1): Link Down (Shutdown)

Stateful Failover Logical Update Statistics

Link : state-fo

Stateful Obj xmit xerr rcv rerr

General 20 0 21 0

sys cmd 20 0 19 0

up time 0 0 2 0

xlate 0 0 0 0

tcp conn 0 0 0 0

udp conn 0 0 0 0

ARP tbl 0 0 0 0

RIP Tbl 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 1 21

Xmit Q: 0 1 20

LAN-based Failover is Active

interface state-fo (192.168.1.1): Link Down, peer (192.168.1.2): Nol

--

According to the documentation, the standby unit should take over if it detects a power failure in the active unit. This seems to be the case, as the show fail command shows that the active unit is powered down. Any ideas?

1 Reply

btimby_indy
Level 1

Disabling the lan based failover with the following command sequence fixed my problem:

no failover

no failover lan

failover

I had to run this on both units so that configuration synchronization could continue.

Thanks to Kris at TAC for his assistance!
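A monitoring check for the stuck state shown in the question, as an added example (not code from the post or from Cisco): it parses an excerpt of the quoted `show fail` output and flags a unit that stays Standby while the serial cable reports the peer powered off. The function names are hypothetical, and the parser handles only the lines visible in the post.

```python
import re

# Excerpt of the `show fail` output quoted in the question above.
SAMPLE = """\
Failover On
Serial Failover Cable status: Other side powered off
This host: Primary - Standby
Active time: 0 (sec)
Other host: Secondary - Active
Active time: 192 (sec)
LAN-based Failover is Active
"""

def parse_show_failover(text):
    """Pull out the fields needed to judge failover health (hypothetical helper)."""
    state = {"enabled": False, "cable": None, "lan_based": False,
             "this_host": None, "other_host": None}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Failover On":
            state["enabled"] = True
        elif line == "LAN-based Failover is Active":
            state["lan_based"] = True
        elif m := re.match(r"Serial Failover Cable status:\s*(.+)", line):
            state["cable"] = m.group(1).strip()
        elif m := re.match(r"(This|Other) host:\s*(\w+)\s*-\s*(\w+)", line):
            key = "this_host" if m.group(1) == "This" else "other_host"
            state[key] = {"unit": m.group(2), "role": m.group(3)}
    return state

def failover_findings(state):
    """Return human-readable problems; an empty list means nothing was flagged."""
    if not state["enabled"]:
        return ["failover is disabled"]
    findings = []
    this, other = state["this_host"], state["other_host"]
    peer_off = state["cable"] == "Other side powered off"
    if peer_off and this and this["role"] == "Standby":
        findings.append("peer is powered off but this unit is still Standby")
        if state["lan_based"]:
            # The reply resolved this state by disabling LAN-based failover.
            findings.append("LAN-based failover is active in the stuck state")
    if peer_off and other and other["role"] == "Active":
        findings.append("powered-off peer is still listed as Active")
    return findings

if __name__ == "__main__":
    for finding in failover_findings(parse_show_failover(SAMPLE)):
        print("ALERT:", finding)
```

Feeding it the output collected from each unit on a schedule turns the silent no-failover condition described above into an alert.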
