
reason for firewall failover

Hi,

Below are the logs. Please do let me know what causes the firewall to fail from primary firewall to secondary firewall.

Pix logs

08/11/2007 17:12:06 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105036: (Secondary) LAN failover dropped a cmd msg: FREQARP, seq = 871125

08/11/2007 17:12:06 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105036: (Secondary) LAN failover dropped a cmd msg: FHELLO, seq = 871126

08/11/2007 17:12:06 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105036: (Secondary) LAN failover dropped a cmd msg: FTRAFFIC, seq = 871127

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 0 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 1 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 2 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 3 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 4 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 5 waiting

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-104001: (Secondary) Switching to ACTIVE - no response from mate.

08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-103001: (Secondary) No response from other firewall (reason code = 1).

Thanks

1 REPLY


Hello Kunal,

As we can see in the logs, the Secondary device is monitoring all interfaces and it is not receiving any hello packets; that is why we see the interfaces in the waiting state. This caused the failover to happen.

If a PIX/ASA does not receive hello packets on the interfaces being monitored, it will think its mate is dead, so it will become active.

Hope this helps! If not, let me know and I will do my best to help you with this.

Please rate helpful posts.

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
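
As an added example (not part of the original thread and not Cisco tooling): a small Python parser that groups the failover syslog messages quoted in the question by unit, so the takeover (104001), its reason code (103001), the interfaces in waiting state (105003) and the dropped failover messages (105036) can be read together. The function name `summarize_failover` and the summary field names are assumptions of this example; it records the reason code without interpreting it.

```python
import re
from collections import defaultdict

# Sample input: four of the lines posted in the question above.
SAMPLE = """\
08/11/2007 17:12:06 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105036: (Secondary) LAN failover dropped a cmd msg: FHELLO, seq = 871126
08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-105003: (Secondary) Monitoring on interface 0 waiting
08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-104001: (Secondary) Switching to ACTIVE - no response from mate.
08/11/2007 17:12:05 Local4 Alert 192.168.1.1 Nov 08 2011 17:06:14 pix-firewall : %PIX-1-103001: (Secondary) No response from other firewall (reason code = 1).
"""

# Layout seen in the logs: %PIX-<severity>-<message id>: (<unit>) <text>
MSG = re.compile(r"%(?:PIX|ASA)-\d-(?P<id>\d{6}): \((?P<unit>Primary|Secondary)\) (?P<text>.*)")


def summarize_failover(log_text):
    """Return {unit: summary} built from the failover messages in log_text."""
    summary = defaultdict(lambda: {"took_over": None, "reason_codes": [],
                                   "waiting_ifaces": [], "dropped_msgs": []})
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a failover-style message, ignore it
        entry, text = summary[m["unit"]], m["text"]
        if m["id"] == "104001":
            # "Switching to ACTIVE - <cause>": keep the cause the unit reported
            entry["took_over"] = text.partition(" - ")[2].rstrip(".")
        elif m["id"] == "103001":
            rc = re.search(r"reason code = (\d+)", text)
            if rc:
                entry["reason_codes"].append(int(rc[1]))
        elif m["id"] == "105003":
            iface = re.search(r"interface (\S+) waiting", text)
            if iface:
                entry["waiting_ifaces"].append(iface[1])
        elif m["id"] == "105036":
            dropped = re.search(r"cmd msg: (\w+), seq = (\d+)", text)
            if dropped:
                entry["dropped_msgs"].append((dropped[1], int(dropped[2])))
    return dict(summary)


if __name__ == "__main__":
    for unit, info in summarize_failover(SAMPLE).items():
        print(unit, info)
```
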