I configured 2 pix 525 ( active / standby) / LAN Failover with 2 IP-Addresses in the same Vlan, they did work for about 1 day and then lost one of them.
Tried to ping through the working one without success, the problem is that the working one (it was the standby one) is looking for the other one and during that time we loose the connectivity to the network and the internet goes down.
The primary / 192.168.111.250 and the other one is 251, I can't ping the 251 one from the primary but if I switch off the primary (x.x.x.250) and use HyperTerminal to connect to the other one then I see that the connected one (hyper terminal) is the standby pix with the IP (x.x.x.250) but changed to active, and if I switch off the standby pix ( x.x.x.251) and connect to the other one then I see that it's the standby and changed to active. In both cases I get network problems
The problem is that when both are switched on then the primary (x.x.x.250) is the standby and I can't ping or login to the other pix ( should be the x.x.x.251) and then I get problems with the network.
I would like to use only one if possible as I lost about 8 hours today trying to fix the issue without success and we have a conference I 24 hours and I need t get the network stable. Could I use only one (at least for 1 week) ? if yes, then what do I have to change in the config ( e.g disable the failover)?
What's the best thing to do to get at least one of them online without looking for the other pix?
Hope will get an answer soon as I have a big problem.
I am not sure if there is a tool for migrating the configuration from PIX to ASA8.3+ If there is, I have not come across it before. I do know that if you are upgrading from 8.2 to a later version the ASA will migrate the commands itself...though I have had mixed results with this as there have been many duplicate entries.
I did come across this webpage that has a tool for migrating NAT rules...which might be useful. I just did a couple small tests with it and it seems to work fine...though I am unsure how it will handle a large amount of rules.
I had the similar issue in my past experience. I have tried many options that time, but a restart of the pix devices gave a desired result. I possible can you share the sh failover output from the active device.... Try to make any of the pix as active and ensure the traffic is passing through that....
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :