Re: PIX 515E Failover problem.

KlediBodinaku24 · ‎12-15-2006

I have 2 PIX 515E runing the 7.0 IOS. They are configured to be a backup to each other. When I do a restart to the primary PIX i have the problem that the Second PIX becomes active and stays in that way even after the first has become avaiable again.

In this moment i can not connect with ASDM.

To connect i have to give a comand through telnet that tells the primary PIX that he has to be tha Active one.

Any idea on why?

regards.

Jon Marshall · ‎12-15-2006

I'm sure you have checked this but can you verify that the adsm image is also on the secondary firewall ?

KlediBodinaku24 · ‎12-18-2006

Both PIX's have the same packets. Yes the ASDM image is on the other PIX also, but my problem is why the primary PIX will not turn to be the primary after the restart?

Regards

Kledi

Jon Marshall · ‎12-18-2006

Are the pix pair running in active / standby mode. I haven't worked with v7.0 much but with v6.3 if the primary unit fails the secondary becomes active. if the primary comes back on line later it does not become the active again - it stays as secondary.

KlediBodinaku24 · ‎12-18-2006

Yes that is the case.

So it doesn't seem strange for this to happen but why i cant log in through ASDM?

Regards

thult · ‎12-19-2006

For the primary pix to become active after it returns from a reload you have to login to it (on the secondary IP-address) and issue the command "failover active".

However, you should be able to use the ASDM on the secondary Pix. Try to replace the ASDM-image on the secondary Pix and double check that it is the same version (and same file name) as on the primary pix.