I have a PIX515E failover pair; the primary boots fine, but the standby does not boot at all, with no console output.
If you try to boot it 30 times, one time it might boot up as normal, but 29 times there is no console output at all and it does not boot.
IOS 8.03 running on both PIX.
Any suggestion is appreciated, thanks in advance.
When you have two units in failover one unit will always be the primary and the other unit will always be the secondary.
But the state of the failover is when you refer to active and standby.
The active unit is the one passing all the traffic, the standby is just monitoring the active unit.
The state changes depending which unit is passing traffic but the primary and secondary never change (unless you reconfigure failover).
If one of the units is not booting at all or it's giving you this problem, my suggestion is to call TAC and order an RMA.
The problem is that the PIXes are EoS and it depends on whether they are under contract.
Otherwise the recommendation is a pair of ASAs.
I am well familiar with configuring PIX in failover mode. My issue is not the configuration of PIX for failover. My issue is that the standby PIX does not even boot at all. When you power it down and power it up again there is no console output. This is my personal firewall; it does not belong to a company.
I was trying to clarify that the standby is just a state of the failover (it does not make any difference if you set this non-working unit to be the active, does it?)
It still fails.
From what you say,
I don't see much to do then.
Sounds like a hardware issue.
"if you set this non-working unit to be the active, does it?)" If the standby unit boots up, I could configure it to be the active or standby unit, i.e. only if I could console onto it. As I mentioned before, the standby unit boots fine very rarely; 1 out of every 30 boots is normal. I could not see the console output 29 times out of 30; there is no output at all.
Which is why I could not narrow down its problem, as the standby unit boots fine rarely but most of the time it does not boot at all; when you plug in the console there is no output on PuTTY.
However, I do not see any problem booting the active unit (i.e. the primary unit).
I understand that you don't have a problem with failover.
I just wanted to clarify that you don't have a "standby unit".
You do have a primary and a secondary unit.
The active and standby is just the role of the device at a certain time.
I'm not saying that you're incorrect, I'm just clarifying the terms.
Back to your problem, unfortunately it seems like a hardware problem. You might try to contact TAC for further troubleshooting (even if it's your personal firewall and does not belong to any company).
Thanks Federico for your input.
I believe this must be a hardware issue. Since this PIX is not under warranty, nor is it under a SMARTnet contract, it is wiser to buy a motherboard (PIX515E motherboard) from eBay and replace the motherboard, rather than contacting Cisco TAC. Cisco will rob you to get it replaced.
If I go along with replacing the motherboard, I need to import the PIX515E failover license from the old PIX to the new PIX, is that right?
I believe that you must import the failover key to the new PIX.
However, it's been a while since dealing with PIXes (aren't those keys linked to the serial number of the PIX?).
Well, first off, if you try to load the activation-key from one to another you will most likely not succeed and risk turning your PIX into a vegetable.
The activation-key is generated for that individual PIX alone and is not interchangeable.
Have you opened the box and checked whether or not the power supply gives power to the motherboard? Since when it works it works just fine, it sounds more like a faulty power supply or a bad connection between the power supply and the motherboard than a screwed-up motherboard.
If I do not remember wrong, there is a glass fuse in the power supply; check that too.
Check the connectors between the motherboard and the power supply; measure with a multimeter.
Remove any crypto cards and network interface cards that are there.
Remove the memory modules and flash and reinsert them.
This is what I would start with.
Yes, the activation keys are tied to the serial numbers so you will not be able to use the same key even if you could swap the motherboard. The serial number is coded into the EPROM so it will change should the hardware change. It may be time to start looking at the ASA platform since the PIX has also gone End Of Sale:
Also the ASA platform will support the newer code trains as they are developed.
I would start by removing all add-on cards from the PIX and try booting up with just a bare chassis (perhaps a card is causing a fault). If that still fails, even with a swapped power supply, the board may simply be dead.