Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
0
Helpful
5
Replies

traffic is not passing thru the firewall

john_peter
Level 1
Level 1

‎01-05-2009 09:20 AM - edited ‎03-11-2019 07:32 AM

Hi everyone,

I have two pix525's HA mode. I tried migrating the same to another vendor firewall, but due to some reasons I could not make it thru. Now, once i reverted back to the pix setup, i found none of the traffic is passing thru the primary firewall nor unable to ping, but thanks to God, it works with secondary. I do not find any config changes btw'n these f/ws. This was happened a week ago and still running with one f/w. Can any one help me in here...

-John Peter

Labels:
0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎01-05-2009 09:46 AM

hey John

Do you have more details on your network ? How is the routing happening ? Are there any error logs on the PIX ? "show log" ? If the firewalls havent changed their configs, i dont see any reason, it should fail.. and especially if it works on failover..

Is it a normal failover or stateful / LAN failover ? are the configs in both the firewalls consistent ?

Raj

0 Helpful

john_peter
Level 1
Level 1
In response to sachinraja

‎01-05-2009 10:35 PM

Hi sachin,

well, its normal failover using failover cable. Does it matter if my pri has failover as active/active.

0 Helpful

john_peter
Level 1
Level 1
In response to sachinraja

‎01-07-2009 04:48 AM

Oops, no one replied..

Do you see any issues with failover license in primary ?

sh ver

Cisco PIX Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(4)

Compiled on Sun 26-May-08 13:39 by builders

System image file is "flash:/pix723.bin"

Config file at boot was "startup-config"

PIXFW up 12 mins 43 secs

failover cluster up 40 mins 23 secs

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: Ext: Ethernet0 : address is 001a.2f8c.ca16, irq 10

1: Ext: Ethernet1 : address is 001a.2f8c.ca17, irq 11

2: Ext: GigabitEthernet0 : address is 000e.0cbf.d619, irq 10

3: Ext: GigabitEthernet1 : address is 000e.0cbf.d519, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: xxxxxxx

Running Activation Key: xxxxxxxxxx

-John

0 Helpful

john_peter
Level 1
Level 1
In response to john_peter

‎01-10-2009 02:35 AM

Hi All,

Problem remain the same....(nothing is working thru pri firewall, but works fine via sec)

But i have resolved the issue, as something clicked in my mind and applied it.

Any Guess ???

To know more contact me on toni@k.st

0 Helpful

sachinraja
Level 9
Level 9
In response to john_peter

‎01-12-2009 05:33 PM

hello john

was there any interface of the primary which was down ? in that case, the primary firewall might never become active.. what was the issue ? did u make the primary firewall, active, in a standalone mode ? was it working ?

Raj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card