Cisco PIX515E active/stdby pair: process to disable i/f without failover

mvsheik123
Level 7

Hi All,

We have a PIX 515E pair in active/stdby (Stdby: FO-only license). Failover config:

*********************
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 12.25.10.6
failover ip address inside 192.168.33.3
failover ip address dmz 192.168.23.3
no failover ip address intf3
no failover ip address intf4
failover ip address statefull 100.10.10.2
failover link statefull
**************************

I would like to shut the DMZ ports on both PIXs. What is the process to do this without triggering a failover?

TIA

MS

3 Replies

auraza
Cisco Employee

You can use the monitor-interface command, and not monitor the DMZ interface.

Thanks for the reply, but the monitor-interface command is not supported in the version the PIX is running, 6.3(4).

TIA

MS

FYI, the following sequence of commands worked (on Primary):

*************************
no failover ip address dmz 192.168.23.3
write standby
write mem

--> Shut the dmz interface administratively.

--> After issuing write standby (may not be needed), administratively shut the switch ports (where the Pri and Sec PIX DMZ i/f connect).

--> Here I lost connectivity to the Sec PIX for a very brief period, until the stateful link status (sh failover) returned to 'Normal' from 'Waiting'.

--> Issued another write standby and write mem. Everything looks fine.

Thanks

MS
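
A pre-change check for the sequence described in the last reply, as an added example that is not part of the original posts: it reads a saved copy of the failover section and reports why an interface should not be shut yet. The function names are hypothetical, and it assumes (as the working sequence in the thread implies) that on this PIX version an interface with a `failover ip address` line takes part in failover.

```python
import re

# Constructed sample: the failover section posted at the top of the thread.
SAMPLE_CONFIG = """\
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 12.25.10.6
failover ip address inside 192.168.33.3
failover ip address dmz 192.168.23.3
no failover ip address intf3
no failover ip address intf4
failover ip address statefull 100.10.10.2
failover link statefull
"""

FO_IP = re.compile(r"^(no\s+)?failover ip address (\S+)(?:\s+(\S+))?\s*$")
FO_LINK = re.compile(r"^failover link (\S+)\s*$")

def parse_failover(config):
    """Return ({interface: failover IP}, stateful link interface or None)."""
    with_ip, link = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = FO_IP.match(line)
        if m:
            negated, name, addr = m.groups()
            if negated:
                with_ip.pop(name, None)   # a later "no ..." line removes the address
            elif addr:
                with_ip[name] = addr
            continue
        m = FO_LINK.match(line)
        if m:
            link = m.group(1)
    return with_ip, link

def shutdown_blockers(config, interfaces):
    """Map each interface to the reason it is not ready to shut (empty dict = clear)."""
    with_ip, link = parse_failover(config)
    blockers = {}
    for name in interfaces:
        if name == link:
            blockers[name] = "carries the stateful failover link"
        elif name in with_ip:
            blockers[name] = "still has failover ip address " + with_ip[name]
    return blockers
```

Run it against the configuration saved after `write mem`; an empty result for `dmz` means the failover address was removed before the interface and switch ports are shut.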
