Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX failing over unexpectedly?

Hello,

We have two PIX515E(failover via serial cable). Ever since we physically relocated the two firewalls, it's been failing over to secondary then back to primary. It happened three times within a span of three months. I verified that there was no trend in the timing of the failover, it just happens sporatically. We do not have Syslog setup yet, so I do not have any logs to attach.

This is what i get with the "sh failover" command:

****************

*PIX Firewall-1*

*//10.10.10.1//*

****************

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: <time here> PDT <date here>

This host: Primary - Active

Active time: 39630 (sec)

Interface dmz1 (10.10.1.1): Normal

Interface inside (10.10.10.1): Normal

Interface dmz2 (10.10.2.1): Normal

Interface dmz3 (10.10.3.1): Normal

Interface dmz4 (10.10.4.1): Normal

Interface dmz5 (10.10.5.1): Normal

Other host: Secondary - Standby

Active time: 165180 (sec)

Interface dmz1 (10.10.1.2): Normal

Interface inside (10.10.10.2): Normal

Interface dmz2 (10.10.2.2): Normal

Interface dmz3 (10.10.3.2): Normal

Interface dmz4 (10.10.4.2): Normal

Interface dmz5 (10.10.5.2): Normal

Stateful Failover Logical Update Statistics

Link : Unconfigured.

****************

*PIX Firewall-2*

*//10.10.10.2//*

****************

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: <time here> PDT <date here>

This host: Secondary - Standby

Active time: 165180 (sec)

Interface dmz1 (10.10.1.2): Normal

Interface inside (10.10.10.2): Normal

Interface dmz2 (10.10.2.2): Normal

Interface dmz3 (10.10.3.2): Normal

Interface dmz4 (10.10.4.2): Normal

Interface dmz5 (10.10.5.2): Normal

Other host: Primary - Active

Active time: 39630 (sec)

Interface dmz1 (10.10.1.1): Normal

Interface inside (10.10.10.1): Normal

Interface dmz2 (10.10.2.1): Normal

Interface dmz3 (10.10.3.1): Normal

Interface dmz4 (10.10.4.1): Normal

Interface dmz5 (10.10.5.1): Normal

Stateful Failover Logical Update Statistics

Link : Unconfigured.

I was wondering if anyone had any ideas why this is happening.

Thanks,

-Lee

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: PIX failing over unexpectedly?

Possibly one of the connected interfaces is losing connectivity to the other PIX. What other devices are connected? Do you have logging on them? Maybe spanning tree problems etc...

2 REPLIES
New Member

Re: PIX failing over unexpectedly?

Possibly one of the connected interfaces is losing connectivity to the other PIX. What other devices are connected? Do you have logging on them? Maybe spanning tree problems etc...

New Member

Re: PIX failing over unexpectedly?

How simple was that! A few switch ports that the PIX interfaces was plugged into was negotiating incorrectly(duh!). There was a huge amount of collisions/late collisions and deferred packet losses. So I just forced the duplex & speed on the switch ports, until now there are no reported collisions.

Thank you!

95
Views
0
Helpful
2
Replies