Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
3
Replies

FTP transfer failed when PIX failover

j-tucker
Level 1
Level 1

‎08-06-2008 02:12 AM - edited ‎03-11-2019 06:26 AM

I have 2 PIX 515E in HA. Lan based failover and stateful failover configured. If I start FTP from outside to inside and just login to the ftp server and do not do a transfer, fail a pix and there is a pause (47sec) while the secondary pix takes over but the ftp connection stays active and I do not have to login again. However if I have an ftp transfer running and fail a pix you get a netout:connection reset by peer and you lose the ftp connection and have to login again. I was expecting the transfer to pause while secondary pix takes over and then continue. Anyone now why its not doing that?

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎08-06-2008 02:21 AM

I would check your configuration - expecially your hello and hold times, 47 sec is way to long:-

TCP state tables are replicated - however if the apps is time sensitive - and the failover does not happen in a timely manner, the app session will have to be re-established.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

HTH>

0 Helpful

j-tucker
Level 1
Level 1
In response to andrew.prince

‎08-06-2008 03:59 AM

The default holddown is 45 seconds. I tested at 20 seconds and the same thing occurred. Dropped it to 6 seconds and it the ftp transfer worked ok. So must be the DOS ftp client droping the transfer when traffic stops for more than 15 sec.

0 Helpful

andrew.prince
Level 10
Level 10
In response to j-tucker

‎08-06-2008 04:16 AM

Yes - you can also fine tune it to between 200 - 900ms!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card