Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP transfer failed when PIX failover

I have 2 PIX 515E in HA. Lan based failover and stateful failover configured. If I start FTP from outside to inside and just login to the ftp server and do not do a transfer, fail a pix and there is a pause (47sec) while the secondary pix takes over but the ftp connection stays active and I do not have to login again. However if I have an ftp transfer running and fail a pix you get a netout:connection reset by peer and you lose the ftp connection and have to login again. I was expecting the transfer to pause while secondary pix takes over and then continue. Anyone now why its not doing that?


Re: FTP transfer failed when PIX failover

I would check your configuration - expecially your hello and hold times, 47 sec is way to long:-

TCP state tables are replicated - however if the apps is time sensitive - and the failover does not happen in a timely manner, the app session will have to be re-established.


New Member

Re: FTP transfer failed when PIX failover

The default holddown is 45 seconds. I tested at 20 seconds and the same thing occurred. Dropped it to 6 seconds and it the ftp transfer worked ok. So must be the DOS ftp client droping the transfer when traffic stops for more than 15 sec.

Re: FTP transfer failed when PIX failover

Yes - you can also fine tune it to between 200 - 900ms!