I configured 2 pix 525 ( active / standby) / LAN Failover with 2 IP-Addresses in the same Vlan, they did work for about 1 day and then lost one of them.
Tried to ping through the working one without success, the problem is that the working one (it was the standby one) is looking for the other one and during that time we loose the connectivity to the network and the internet goes down.
The primary / 192.168.111.250 and the other one is 251, I can't ping the 251 one from the primary but if I switch off the primary (x.x.x.250) and use HyperTerminal to connect to the other one then I see that the connected one (hyper terminal) is the standby pix with the IP (x.x.x.250) but changed to active, and if I switch off the standby pix ( x.x.x.251) and connect to the other one then I see that it's the standby and changed to active. In both cases I get network problems
The problem is that when both are switched on then the primary (x.x.x.250) is the standby and I can't ping or login to the other pix ( should be the x.x.x.251) and then I get problems with the network.
I would like to use only one if possible as I lost about 8 hours today trying to fix the issue without success and we have a conference I 24 hours and I need t get the network stable. Could I use only one (at least for 1 week) ? if yes, then what do I have to change in the config ( e.g disable the failover)?
What's the best thing to do to get at least one of them online without looking for the other pix?
Hope will get an answer soon as I have a big problem.
I am not sure if there is a tool for migrating the configuration from PIX to ASA8.3+ If there is, I have not come across it before. I do know that if you are upgrading from 8.2 to a later version the ASA will migrate the commands itself...though I have had mixed results with this as there have been many duplicate entries.
I did come across this webpage that has a tool for migrating NAT rules...which might be useful. I just did a couple small tests with it and it seems to work fine...though I am unsure how it will handle a large amount of rules.
I had the similar issue in my past experience. I have tried many options that time, but a restart of the pix devices gave a desired result. I possible can you share the sh failover output from the active device.... Try to make any of the pix as active and ensure the traffic is passing through that....
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln...
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/CiscoChampion
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of di...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...