Re: PIX Lost failover communications

ccaron · ‎12-27-2002

My syslog showed a 105005 then 105008 then 105009 message.

I logged into the pix and did a "show fail" and everything looks fine except for one of the interfaces on the other host:

Interface outside (my ip address here): Testing

It never changes from testing...the syslog message says that it passed the test, but I want to know what I can do to get it out of the "testing" state or if something else is wrong.

Thanks,

Chris Caron

mpalardy · ‎12-30-2002

Look's like a bad cable or a defect FE-card on the other host.

OR perhaps the other host IP address is not in the same subnet as the primary PIX.

Can you ping all the other PIX interfaces?

ccaron · ‎12-30-2002

This has been a static config for over 2 years.

Yes, I can ping all PIX interfaces, even the one that is stuck in that "testing" state.

Everything appears to work fine, just instead of reporting "normal" it reports testing.

Is this the way it should behave?

Let me know your thoughts.

-CC

steve.barlow · ‎12-30-2002

If it is the secondary PIX try rebooting it to see if it clears up. If not, but a sniffer on to see if the keepalives/hellos are being sent between the PIXs. May also be a bug. Check the bug tool.

Hope it helps.

Steve

ccaron · ‎12-30-2002

I actually will try rebooting the secondary pix to see if that works as you suggest. That is probably it, it will probably clear out that "testing" status when I do it.

I will post again with the results next week after I do it.

-Cheers,

Chris