Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1153
Views
0
Helpful
5
Replies

PIX Active/Standby Cable Failover with zero downtime?

j.jeater
Level 1
Level 1

‎04-28-2010 05:51 AM - edited ‎03-11-2019 10:38 AM

Chaps,

We have a pair of 515e's with cable based failover running 8.0(2).

Apparently in the past when one of the PIX's was turned off the failover was almost instant, recently it's taken about 30 secs.  Any idea what could be wrong.

'show xlate' on the stanbdby shows that it's getting stateful connections.

There have been no significant changes to the or upgrades, just new a few new servers/services added.

Any help appreciated,

Jim

Labels:
0 Helpful
5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-28-2010 06:01 AM

Here is the default failover timeout on PIX:

- unit failover: poll time: 15 seconds with hold time of 45 seconds:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/ef.html#wp1928426

- interface failover: poll time: 5 seconds with hold time 5 times the poll time: 25 seconds --> which is approximately 30 seconds:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/ef.html#wp1928586

0 Helpful

j.jeater
Level 1
Level 1
In response to Jennifer Halim

‎04-28-2010 06:07 AM

Hi,

Does it still need to poll when the serial cable detects the other unit is powered off?

Jim

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to j.jeater

‎04-28-2010 06:16 AM

You are right. No, if it detects that the other unit is powered off, it should automatically fail over. Maybe the serial cable is faulty.

0 Helpful

j.jeater
Level 1
Level 1
In response to Jennifer Halim

‎04-28-2010 06:19 AM

I had a debug running on the secondary and I saw a lot of activty when the active was switched off so I think the cable is fine.

Any other ideas?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to j.jeater

‎04-28-2010 06:24 AM

Can you share the debug output on secondary?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card