Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

traffic is not passing thru the firewall

Hi everyone,

I have two pix525's HA mode. I tried migrating the same to another vendor firewall, but due to some reasons I could not make it thru. Now, once i reverted back to the pix setup, i found none of the traffic is passing thru the primary firewall nor unable to ping, but thanks to God, it works with secondary. I do not find any config changes btw'n these f/ws. This was happened a week ago and still running with one f/w. Can any one help me in here...

-John Peter

5 REPLIES

Re: traffic is not passing thru the firewall

hey John

Do you have more details on your network ? How is the routing happening ? Are there any error logs on the PIX ? "show log" ? If the firewalls havent changed their configs, i dont see any reason, it should fail.. and especially if it works on failover..

Is it a normal failover or stateful / LAN failover ? are the configs in both the firewalls consistent ?

Raj

New Member

Re: traffic is not passing thru the firewall

Hi sachin,

well, its normal failover using failover cable. Does it matter if my pri has failover as active/active.

New Member

Re: traffic is not passing thru the firewall

Oops, no one replied..

Do you see any issues with failover license in primary ?

sh ver

Cisco PIX Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(4)

Compiled on Sun 26-May-08 13:39 by builders

System image file is "flash:/pix723.bin"

Config file at boot was "startup-config"

PIXFW up 12 mins 43 secs

failover cluster up 40 mins 23 secs

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: Ext: Ethernet0 : address is 001a.2f8c.ca16, irq 10

1: Ext: Ethernet1 : address is 001a.2f8c.ca17, irq 11

2: Ext: GigabitEthernet0 : address is 000e.0cbf.d619, irq 10

3: Ext: GigabitEthernet1 : address is 000e.0cbf.d519, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: xxxxxxx

Running Activation Key: xxxxxxxxxx

-John

New Member

Re: traffic is not passing thru the firewall

Hi All,

Problem remain the same....(nothing is working thru pri firewall, but works fine via sec)

But i have resolved the issue, as something clicked in my mind and applied it.

Any Guess ???

To know more contact me on toni@k.st

Re: traffic is not passing thru the firewall

hello john

was there any interface of the primary which was down ? in that case, the primary firewall might never become active.. what was the issue ? did u make the primary firewall, active, in a standalone mode ? was it working ?

Raj

125
Views
0
Helpful
5
Replies
CreatePlease login to create content