01-05-2009 09:20 AM - edited 03-11-2019 07:32 AM
Hi everyone,
I have two PIX 525s in HA mode. I tried migrating the same to another vendor firewall, but due to some reasons I could not make it through. Now, once I reverted back to the PIX setup, I found that none of the traffic is passing through the primary firewall, nor am I able to ping, but thanks to God, it works with the secondary. I do not find any config changes between these firewalls. This happened a week ago and it is still running with one firewall. Can anyone help me here...
-John Peter
01-05-2009 09:46 AM
Hey John,
Do you have more details on your network? How is the routing happening? Are there any error logs on the PIX? "show log"? If the firewalls haven't changed their configs, I don't see any reason it should fail, and especially if it works on failover.
Is it a normal failover or stateful / LAN failover? Are the configs in both the firewalls consistent?
Raj
01-05-2009 10:35 PM
Hi Sachin,
Well, it's normal failover using a failover cable. Does it matter if my pri has failover as active/active?
01-07-2009 04:48 AM
Oops, no one replied..
Do you see any issues with the failover license in the primary?
sh ver
Cisco PIX Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(4)
Compiled on Sun 26-May-08 13:39 by builders
System image file is "flash:/pix723.bin"
Config file at boot was "startup-config"
PIXFW up 12 mins 43 secs
failover cluster up 40 mins 23 secs
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : address is 001a.2f8c.ca16, irq 10
1: Ext: Ethernet1 : address is 001a.2f8c.ca17, irq 11
2: Ext: GigabitEthernet0 : address is 000e.0cbf.d619, irq 10
3: Ext: GigabitEthernet1 : address is 000e.0cbf.d519, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: xxxxxxx
Running Activation Key: xxxxxxxxxx
-John
01-10-2009 02:35 AM
Hi All,
Problem remains the same... (nothing is working through the pri firewall, but works fine via sec)
But I have resolved the issue, as something clicked in my mind and I applied it.
Any guess?
To know more contact me on toni@k.st
01-12-2009 05:33 PM
Hello John,
Was there any interface of the primary which was down? In that case, the primary firewall might never become active. What was the issue? Did you make the primary firewall active, in a standalone mode? Was it working?
Raj