We've noticed that Active/Standby Failover does not function anymore.
(Lucky for us the FWSM is runnig very solid)
After restarting either one of the two units in the failover configuration, the already active unit becomes totally unavailable.
In this state the unit cannot be reached (neither directly by SSH nor from within the chassis via the 'session slot...' and 'telnet 127.0.0.X' commands) and is carrying no traffic.
(We've noticed this problem before when configuring Multicast on the FWSM. After removal of the MC configuration all seemed to work fine, but now we have the same problem back again.)
- two FWSM modules in active/standby failover
- two Cat6500 chassis, each containing one FWSM, and two Supervisor Engine 720 in RPR+
- software version FWSMs: version 3.1.3 of 3.1.1
- software version Supervisor Engine 720s: s72033-advipservicesk9_wan-mz.122-18.SXF4.bin
- Chassis interconnected by two times 10Gb/s trunks, both carrying statelink and failover over separate VLANs
f01/sec/act# sh ver
FWSM Firewall Version 3.1(3)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Thu 06-Jul-06 12:44 by dalecki
f01 up 2 days 20 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash SanDisk SDCFB-128 @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
Serial Number: SAD0637022V
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_1 at 14:46:39.980 MET Fri Apr 20 2007
Could it be we lost the activation key along the upgradin' way?
In that case, isn't it strange that we cannot reach the failed unit, even with 'session slot' command?
Please see attachement.