cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
647
Views
0
Helpful
7
Replies

PIX Failover

kuldeeprawat
Level 1
Level 1

Hi,

I am using PIX in Failover mode..

Currently my one PIX is down and other is up.

I am not able to find out whether my primary is up or secondary is up.

Here is the output of sh failover

FirewallPIX# sh primary

Type help or '?' for a list of available commands.

Eserve-primary# sh failover

Failover On

Cable status: Other side powered off

Reconnect timeout 0:00:00

Poll frequency 15 seconds

This host: Secondary - Active

Active time: 825765 (sec)

Interface intf5 (127.0.0.1): Link Down (Shutdown)

Interface intf4 (127.0.0.1): Link Down (Shutdown)

Interface link (172.28.64.1): Link Down (Shutdown)

Interface faillink (101.101.101.1): Link Down (Waiting)

Interface outside (61.90.112.209): Normal (Waiting)

Interface inside (172.36.235.21): Normal (Waiting)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface intf5 (0.0.0.0): Unknown (Shutdown)

Interface intf4 (0.0.0.0): Unknown (Shutdown)

Interface link (172.28.64.2): Unknown (Shutdown)

Interface faillink (10.10.10.2): Unknown (Waiting)

Interface outside (61.90.112.208): Unknown (Waiting)

Interface inside (172.36.235.20): Unknown (Waiting)

Please help me out.

Another thing the second pix that is not connected has empty database it has nother.

Now when i switched on this PIX will it override the current running configuration of the PIX that is running..

What will happen in the case when i brings up the down pix.

Waiting for your reply...

7 Replies 7

msdesai
Level 1
Level 1

From Output" Secondary - Active"

&

Other host: Secondary - Standby

You need to verfiy how the Failover cable is connect on both pix (primary pix is connected to primary side of failover cable and secondary pix is connected to secondary side of cable)

Hi,

Thanks for the inputs you have given to this issue.

I have analyzed everything and finded out that The active box is my secondary box and the off box is my active box. Now there is no configuratin in my Active box which is off. When i switched on my active box it replicates its configuration to secondary box and secondary box also gets down. It takes all the configuration from the active which is blank.

Now suggest me how to replicate the configuration from secondary to Primary.

This will solve my purpose.

Thanks

Irshad

txg001
Level 1
Level 1

msdesai is mentioned, you need to pay attention to

Connect the failover cable to the primary PIX Firewall unit ensuring that the end of the cable marked "Primary" attaches to the primary unit and that the end marked "Secondary" connects to the secondary unit.

可以看下这里

look here

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/failover.htm

Hi,

Thanks for the inputs you have given to this issue.

I have analyzed everything and finded out that The active box is my secondary box and the off box is my active box. Now there is no configuratin in my Active box which is off. When i switched on my active box it replicates its configuration to secondary box and secondary box also gets down. It takes all the configuration from the active which is blank.

Now suggest me how to replicate the configuration from secondary to Primary.

This will solve my purpose.

Thanks

Irshad

The currently active PIX is the unit that will replicate it's configuration to the standby unit. So since your secondary unit is active, when you plug in your primary unit, the secondary PIX will copy it's configuration to the Primary unit.

So do u want to say that when i will switched on the off pix the secondary will replicate to primary one.

Does it takes some time to replicate..

Actually what happend when i start the active one... i was suddenly not able to ping the secondary box and my whole network traffic was not passing through.

Does it takes some time to replicate???????????/

So do u want to say that when i will switched on the off pix the secondary will replicate to primary one.

Does it takes some time to replicate..

Actually what happend when i start the active one... i was suddenly not able to ping the secondary box and my whole network traffic was not passing through.

Does it takes some time to replicate???????????/

Review Cisco Networking for a $25 gift card