07-05-2005 02:21 PM - edited 03-09-2019 11:45 AM
I have a PIX 525 ver6.3.3 with a failover. I used to be able to connect to both pix firewalls but now I cannot connect to the active firewall via the main internal interface. I can connect to it from a different interface I originally set up for management purposes. I have checked the IPs for PDM connection and its fine. I have also added another IP to the access list to make sure it wasnt a PC problem.
07-08-2005 05:04 AM
What do you get when you tries to connect to the active pix though the pdm? Are you able to ping the pix inside interface from the host you are trying to load the pdm from on inside?
07-08-2005 06:37 AM
I can ping the active pix just fine. I get an IE error of 401 I believe. Whats weird is I just tried it this morning and it worked.....I changed nothing.
07-08-2005 07:11 AM
It could be the browser issue. May be the java virtual machine might not be working or some other issue related to browser. I hope now the issue is resolved as per you message.
If you have any questions, please feel free to contact me.
Thanks & Regards,
Harish Tandon
07-08-2005 08:23 AM
whats weird is I could ALWAYS connect to the standbye unit but not the active one.
07-08-2005 08:55 AM
In a failover environment, there are two pix. Primary pix and the secondary pix and there are two state Active and standby. You mean Active doesn't mean the primary and standby mean the secondary? If that is the case then it is behaving correctly. If you mean standby as secondary pix. and incase secondary pix is active due to the failover it would happen that you will be able to pdm to the secondary pix since it would be active that time. Please confirm if that is not the case.
07-08-2005 11:13 AM
I can always connect to (via the dpm) the secondary/standbye pix. I cannot always connect to the primary/active pix. This is via the same PC.
When I couldn't connect to the primary/active pix via the internal interface I used a laptop to connect to another interface (i set this up initially for open IP access incase I was not at work so coworkers could connect via a laptop on that int). I could connect to the primary/active pix via this other interface when I couldn't connect from the internal int. Whats wierd is I can connect now from the int interface. I hate intermittent problems.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide