Cisco PIX515E active/stdby pair: process to disable i/f without failover

Unanswered Question
Sep 23rd, 2009

Hi All,


We have a PIX 515E pair in active/stdby (Stdby: FO only license). Failover config:

*********************
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 12.25.10.6
failover ip address inside 192.168.33.3
failover ip address dmz 192.168.23.3
no failover ip address intf3
no failover ip address intf4
failover ip address statefull 100.10.10.2
failover link statefull
**************************

I would like to shut the DMZ ports on both PIXs. Without encountering failover, what is the process?


TIA

MS

auraza Wed, 09/23/2009 - 12:13
User Badges:
  • Cisco Employee,

You can use the monitor-interface command, and not monitor the DMZ interface.

mvsheik123 Wed, 09/23/2009 - 12:27

Thanks for the reply, but the monitor-interface command is not supported in the version the PIX is running, 6.3(4).


TIA

MS

mvsheik123 Sat, 09/26/2009 - 08:24

FYI: the following sequence of commands worked (on Primary):

*************************
no failover ip address dmz 192.168.23.3
write standby
write mem

--> Shut the dmz interface administratively.

--> After issuing write standby (may not need), administratively shut the switch ports (where the Pri and SEC PIX DMZ i/f connect).

--> Here I lost connectivity to the SEC PIX for a very brief period, till the stateful link status (sh failover) returned to 'Normal' from 'Waiting'.

--> Issued another write standby and write mem. Everything looks fine.


Thanks

MS

