12-27-2009 12:40 PM - edited 03-11-2019 09:51 AM
Hi,
My single unit Cisco PIX with UR license keeps rebooting for approximately the last 20 days, daily or after one day.
I enabled logging; the only message I received was
%PIX-1-101003: (Secondary) Failover cable not connected (this unit)
Though it's a single unit and failover is not configured. Can anyone tell me what might be the reason?
PIX# sh fail
Failover Off
Cable status: My side not connected
Reconnect timeout 0:00:00
Poll frequency 15 seconds
PIX# sh crash
No crash file found.
Please assist.
PIX#sh ver
Cisco PIX Firewall Version 6.3(3)
Compiled on Wed 13-Aug-03 13:55 by morlee
PIX up 1 hour 29 mins
Hardware: AL440LX, 32 MB RAM, CPU Pentium II 266 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0090.273a.7654, irq 11
1: ethernet1: address is 0090.273a.7659, irq 10
2: ethernet2: address is 0090.2722.08d6, irq 9
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 12
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
12-27-2009 05:50 PM
I have heard of such issues with PIX in failover pair which have FO or FO_AA license installed. If a failover unit with one of these licenses is used in standalone mode, the unit will reboot at least once every 24 hours until the unit is returned to failover duty. A unit with an FO or FO_AA license operates in standalone mode if it is booted without being connected to a failover peer with a UR license. If the unit with a UR license in a failover pair fails and is removed from the configuration, the unit with the FO or FO_AA license will not automatically reboot every 24 hours; it will operate uninterrupted unless it is manually rebooted.
When the unit automatically reboots, the following message displays on the console:
=========================NOTICE=========================
This machine is running in secondary mode without
a connection to an active primary PIX. Please
check your connection to the primary system.
REBOOTING....
========================================================
Could you capture console logs? Verify the license as well on the box.
HTH
Vijaya
12-28-2009 12:30 PM
Hi Vijay, you are right in the FO license case, but mine is a UR license; moreover, this is a single unit with no failover configuration either, as shown by the output in the question.
I am sitting remotely, so there is no option for console right now.
What else can I do to find the cause of this frequent reboot? :-s You or anyone else? Please.
12-28-2009 02:37 PM
Pls. watch what the logs show from the time of the reboot everyday.
We have seen issues where the cleaning crew just unplugged the device and plugged their vacuum cleaner in that outlet which caused a nightly reboot (believe it or not this has happened !!). So, pls. see what the logs say and we shall go from there. Since there is no crash file recorded I am thinking either it lost power or it is crashing without recording a crash file.
-KS
12-28-2009 03:05 PM
Hi kusankar,
Thank you for the input. We have already changed the power cord and power source of the device with the help of the on-site guys.
I just want to confirm one thing: I have enabled logging in the fashion below
logging on
logging timestamp
logging buffered errors
logging trap alerts
logging host inside xxxx
Is that enough? And will I be able to catch the cause of this reload? Actually I didn't work much on PIX logging.
12-28-2009 05:42 PM
Dec 28 2009 20:19:18: %ASA-4-411002: Line protocol on Interface dmz1, changed state to down
You should see messages that are logged in level 4 like the above.
Also if it was reloaded you would see this message that gets logged in level 5
Error Message %PIX|ASA-5-199001: Reload command executed from telnet (remote IP_address).
I'd suggest to enable the trap logging to debug level just so we don't miss any logs.
So, you need this line "logging trap 7" and make sure the logging host is up and collecting the logs.
Next time a reload happens, issue a sh ver and calculate the time it must have reloaded based on the up time and filter the syslogs around the time of the problem and upload them here.
-KS
12-29-2009 12:55 PM
It happened again. I tried logging buffered 5 and logging trap 5, but it didn't catch anything; will try for level 6 tonight.
I can't go for level 7 debug; I am afraid I might lose the connection due to the heavy number of messages, but that would be the last option.
One thing to ask: if I connect a system with console access to the PIX firewall, will I get some better messages on console output?
12-29-2009 01:07 PM
If you still have the logs, pls. grep them by the level PIX-1 and then PIX-2, PIX-3, PIX-4 and PIX-5.
Look in each level and see if it logged anything.
Connecting the console and leaving it to collect the output to a text file is a good idea. It might help.
-KS
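Added example, not part of any post in this thread: one way to do the triage described in the replies above on the syslog host, estimating the reload time from the "sh ver" uptime and grouping PIX/ASA messages near that time by severity level. The function names, the 30-minute window and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Timestamped PIX/ASA syslog form as quoted in the thread.
MSG = re.compile(r"(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %(?:PIX|ASA)-(\d)-(\d{6}): (.*)")
UPTIME = re.compile(r"\bup\s+(?=\d)(?:(\d+) days?\s*)?(?:(\d+) hours?\s*)?(?:(\d+) mins?)?")

def estimate_reload(sh_ver_uptime, observed_at):
    """Subtract the 'sh ver' uptime from the time the command was run."""
    m = UPTIME.search(sh_ver_uptime)
    if not m or not any(m.groups()):
        raise ValueError("no uptime found in: %r" % sh_ver_uptime)
    days, hours, mins = (int(g or 0) for g in m.groups())
    return observed_at - timedelta(days=days, hours=hours, minutes=mins)

def messages_around(lines, reload_at, minutes=30, max_level=5):
    """Group messages within +/- `minutes` of the reload by severity (1..max_level)."""
    lo = reload_at - timedelta(minutes=minutes)
    hi = reload_at + timedelta(minutes=minutes)
    by_level = {}
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # not a timestamped PIX/ASA message
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        level = int(m.group(2))
        if lo <= ts <= hi and 1 <= level <= max_level:
            by_level.setdefault(level, []).append((ts, m.group(3), m.group(4)))
    return by_level

# Constructed sample lines (not from the poster's firewall); addresses are
# documentation/private ranges chosen for the example.
SAMPLE = """\
Dec 28 2009 20:19:18: %ASA-4-411002: Line protocol on Interface dmz1, changed state to down
Dec 29 2009 01:12:40: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
Dec 29 2009 01:25:02: %PIX-6-302013: Built outbound TCP connection 1201 for outside:198.51.100.7/80
Dec 29 2009 01:30:55: %PIX-5-199001: Reload command executed from telnet (remote 192.0.2.10).
Dec 29 2009 01:33:10: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
""".splitlines()

if __name__ == "__main__":
    # "sh ver" run at 03:00 showing the uptime string from the first post.
    reload_at = estimate_reload("PIX up 1 hour 29 mins", datetime(2009, 12, 29, 3, 0))
    print("estimated reload:", reload_at)
    for level, msgs in sorted(messages_around(SAMPLE, reload_at).items()):
        for ts, msg_id, text in msgs:
            print(level, ts, msg_id, text)
```

An empty result for every level in the window points toward a power loss or a crash that left no log, the two cases raised earlier in the thread.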
10-24-2023 11:07 PM
I have heard of such problems with PIX in failover pair which have FO or FO_AA license established. If a failover unit with one of these licenses is used in standalone mode, the unit will reboot at the least as soon as every 24 hours until the unit is again to failover duty. A unit with an FO or FO_AA license operates in standalone mode if it's miles booted without being connected to a failover peer with a UR license.