Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
2
Replies

Issue with LAN Failover

nygenxny123
Level 1
Level 1

‎08-30-2010 11:24 AM - edited ‎03-11-2019 11:32 AM

Does this output of the show failover seem correct?.. Why are there 0.0.0.0 address for the subinterfaces

this is the Active FW--we are running in multiple context...with all the "work" being done in this context

XFW/core# show failover
Failover On
Last Failover at: 11:49:03 UTC Apr 5 2009
        This context: Active
                Active time: 44258322 (sec)
                  Interface Core_Handoff (10.11.24.10): Normal (Waiting)
                  Interface DMZ_Handoff (10.11.20.11): Normal (Waiting)
                  Interface CutThruDMZ (172.20.213.10): Normal (Not-Monitored)
                  Interface VIPs (172.20.224.1): Link Down (Not-Monitored)
                  Interface Direct (172.20.250.1): Normal (Not-Monitored)
        Peer context: Standby Ready
                Active time: 0 (sec)
                  Interface Core_Handoff (0.0.0.0): Normal (Waiting)
                  Interface DMZ_Handoff (0.0.0.0): Normal (Waiting)
                  Interface CutThruDMZ (0.0.0.0): Normal (Not-Monitored)
                  Interface VIPs (0.0.0.0): Normal (Not-Monitored)
                  Interface Direct (0.0.0.0): Normal (Not-Monitored)

Secondary

XFW1/core# sh failover
Failover On
Last Failover at: 11:51:17 UTC Apr 5 200
        This context: Standby Ready

Last Failover at: 11:51:17 UTC Apr 5 2009
        This context: Standby Ready
                Active time: 0 (sec)
                  Interface Core_Handoff (0.0.0.0): Normal (Waiting)
                  Interface DMZ_Handoff (0.0.0.0): Normal (Waiting)
                  Interface CutThruDMZ (0.0.0.0): Normal (Not-Monitored)
                  Interface VIPs (0.0.0.0): Link Down (Not-Monitored)
                  Interface Direct (0.0.0.0): Normal (Not-Monitored)
        Peer context: Active
                Active time: 44258266 (sec)
                  Interface Core_Handoff (10.11.24.10): Normal (Waiting)
                  Interface DMZ_Handoff (10.11.20.11): Normal (Waiting)
                  Interface CutThruDMZ (172.20.213.10): Normal (Not-Monitored)
                  Interface VIPs (172.20.224.1): Normal (Not-Monitored)
                  Interface Direct (172.20.250.1): Normal (Not-Monitored)

Labels:
0 Helpful
2 Replies 2

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎08-30-2010 12:40 PM

Hello,

Have you defined secondary addresses for the interfaces? If no, then what

you see is normal.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example091

86a0080834058.shtml#prim

Hope this helps.

Regards,

NT

0 Helpful

Edward Dutra
Cisco Employee
Cisco Employee

‎08-30-2010 04:12 PM

NT is correct.

Youre missing Standby IP addresses in firewall configuration. Once you configure a standby IP for each interface, the 0.0.0.0 will be configured with the configured standby IP address.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card