Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX515 problem, switching between primary-secondary

Status
Not open for further replies.
arqdennis

arqdennis

Technical User
Jan 3, 2002
10
US
I got the following from syslog. it repeats itself over and over. switching from primary to secondary and visa-versa. I need some clues on what could be causing this. I am running PIX515 with s/w version 4.4(8).

105008: (Primary) Testing Interface 5
104002: (Primary) Switching to STNDBY.
104003: (Primary) Switching to FAILED.
105009: (Primary) Testing on interface 5 Failed
105003: (Primary) Monitoring on interface 2 waiting
105003: (Primary) Monitoring on interface 0 waiting
105003: (Primary) Monitoring on interface 1 waiting
104004: (Primary) Switching to OK.
104001: (Primary) Switching to ACTIVE (cause: state check).
104001: (Primary) Switching to ACTIVE (cause: the otherside want me take over).
105004: (Primary) Monitoring on interface 2 normal
105004: (Primary) Monitoring on interface 0 normal
105004: (Primary) Monitoring on interface 0 normal


thanks in advance,

ARQ.
 
Sort by date Sort by votes
by the way we are not using interface 5...

ARQ.
 
Upvote 0 Downvote
HI.

I have no experience with fail-over but will try to help here.

Did you verify in the config that interface 5 is administrativly shut down?
Use also "show interface" to check.

OR instead - you can try to connect interface 5 of both boxes to same hub and see what happens.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
yeap, they are down on both primary and secondary. I have not seen problems yet with the failover disconnected. seems that the primary checks the secondary and if it's not working the secondary will go online. After a few minutes the secondary probs the primary and if it's ok it will run the primary PIX box.

interface ethernet4 "pix/intf4" is up, line protocol is down
...
interface ethernet5 "pix/intf5" is up, line protocol is down
...

thanks,

ARQ.
 
Upvote 0 Downvote
Are you doing stateful failover? If you are, you'll need version 5.0 or later.
 
Upvote 0 Downvote
You MUST disable able any interfaces that are not in use or failover will not work.

Also:

- Enable portfast on all ports on the switch that connects directly to the PIX Firewall.

- Turn off trunking on all ports on the switch that connects directly to the PIX Firewall.

- Turn off port channeling on all ports on the switch that connects directly to the PIX Firewall.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
140
ITSUPPORTIT
ITSUPPORTIT
handle2110
  • Locked
  • Question
Communication between interfaces
Replies
0
Views
97
handle2110
handle2110
wrighbr1
  • Locked
  • Question
Cisco ASA 5505 site to site VPN problem
Replies
0
Views
122
wrighbr1
wrighbr1
mattbarkerlfc
  • Locked
  • Question
Checkpoint 2200 subnet overlap problem
Replies
0
Views
122
mattbarkerlfc
mattbarkerlfc
sebd44
  • Locked
  • Question
sonicwall statistics problem
Replies
0
Views
123
sebd44
sebd44

Part and Inventory Search

Sponsor

Back
Top