Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
7
Replies

PIX Failover

kuldeeprawat
Level 1
Level 1

‎11-11-2004 11:06 AM - edited ‎02-20-2020 11:44 PM

Hi,

I am using PIX in Failover mode..

Currently my one PIX is down and other is up.

I am not able to find out whether my primary is up or secondary is up.

Here is the output of sh failover

FirewallPIX# sh primary

Type help or '?' for a list of available commands.

Eserve-primary# sh failover

Failover On

Cable status: Other side powered off

Reconnect timeout 0:00:00

Poll frequency 15 seconds

This host: Secondary - Active

Active time: 825765 (sec)

Interface intf5 (127.0.0.1): Link Down (Shutdown)

Interface intf4 (127.0.0.1): Link Down (Shutdown)

Interface link (172.28.64.1): Link Down (Shutdown)

Interface faillink (101.101.101.1): Link Down (Waiting)

Interface outside (61.90.112.209): Normal (Waiting)

Interface inside (172.36.235.21): Normal (Waiting)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface intf5 (0.0.0.0): Unknown (Shutdown)

Interface intf4 (0.0.0.0): Unknown (Shutdown)

Interface link (172.28.64.2): Unknown (Shutdown)

Interface faillink (10.10.10.2): Unknown (Waiting)

Interface outside (61.90.112.208): Unknown (Waiting)

Interface inside (172.36.235.20): Unknown (Waiting)

Please help me out.

Another thing the second pix that is not connected has empty database it has nother.

Now when i switched on this PIX will it override the current running configuration of the PIX that is running..

What will happen in the case when i brings up the down pix.

Waiting for your reply...

0 Helpful
7 Replies 7

msdesai
Level 1
Level 1

‎11-11-2004 01:35 PM

From Output" Secondary - Active"

&

Other host: Secondary - Standby

You need to verfiy how the Failover cable is connect on both pix (primary pix is connected to primary side of failover cable and secondary pix is connected to secondary side of cable)

0 Helpful

kuldeeprawat
Level 1
Level 1
In response to msdesai

‎11-12-2004 02:52 AM

Hi,

Thanks for the inputs you have given to this issue.

I have analyzed everything and finded out that The active box is my secondary box and the off box is my active box. Now there is no configuratin in my Active box which is off. When i switched on my active box it replicates its configuration to secondary box and secondary box also gets down. It takes all the configuration from the active which is blank.

Now suggest me how to replicate the configuration from secondary to Primary.

This will solve my purpose.

Thanks

Irshad

0 Helpful

txg001
Level 1
Level 1

‎11-11-2004 07:54 PM

msdesai is mentioned, you need to pay attention to

Connect the failover cable to the primary PIX Firewall unit ensuring that the end of the cable marked "Primary" attaches to the primary unit and that the end marked "Secondary" connects to the secondary unit.

可以看下这里

look here

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/failover.htm

0 Helpful

kuldeeprawat
Level 1
Level 1
In response to txg001

‎11-12-2004 02:48 AM

Hi,

Thanks for the inputs you have given to this issue.

I have analyzed everything and finded out that The active box is my secondary box and the off box is my active box. Now there is no configuratin in my Active box which is off. When i switched on my active box it replicates its configuration to secondary box and secondary box also gets down. It takes all the configuration from the active which is blank.

Now suggest me how to replicate the configuration from secondary to Primary.

This will solve my purpose.

Thanks

Irshad

0 Helpful

phithang
Level 1
Level 1
In response to kuldeeprawat

‎11-12-2004 07:03 AM

The currently active PIX is the unit that will replicate it's configuration to the standby unit. So since your secondary unit is active, when you plug in your primary unit, the secondary PIX will copy it's configuration to the Primary unit.

0 Helpful

irshad.saifi
Level 1
Level 1
In response to phithang

‎11-12-2004 11:59 AM

So do u want to say that when i will switched on the off pix the secondary will replicate to primary one.

Does it takes some time to replicate..

Actually what happend when i start the active one... i was suddenly not able to ping the secondary box and my whole network traffic was not passing through.

Does it takes some time to replicate???????????/

0 Helpful

kuldeeprawat
Level 1
Level 1
In response to phithang

‎11-12-2004 12:06 PM

So do u want to say that when i will switched on the off pix the secondary will replicate to primary one.

Does it takes some time to replicate..

Actually what happend when i start the active one... i was suddenly not able to ping the secondary box and my whole network traffic was not passing through.

Does it takes some time to replicate???????????/

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card