×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problem with Pix515E 6.3(4) in failover mode

Unanswered Question
Apr 25th, 2006
User Badges:

I am facing a problem in pix515e 6.3(4) in failover mode. Problem is that when I make secondary as active firewall traffic is running fine but when I am making primary as active traffic is not smooth and there are RTOs after 10-15 replies. Again if I make secondary as active traffic is smooth and having no problem.Please suggest on the same.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a-vazquez Wed, 05/03/2006 - 08:10
User Badges:
  • Silver, 250 points or more

If you have failover hello set to the maximum of 15 seconds and the inside interface goes bad, then the standby does not declare that the primary has failed until it misses at least two hellos, 30 seconds. Some people set the failover hellos to the minimum of 3 seconds but then the PIX can failover unnecessarily. Cisco recommends that you set the hello to the maximum of 15 seconds.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#statefulfailover

Actions

This Discussion