I have two PIX 535s configured in failover, but recently the primary unit began to fail over constantly. When I power off the standby unit, however, it no longer does this. Any ideas what would cause this behavior?
Can you see anything in the log or syslog (if you are sending information to a syslog server) around the time the secondary fails that might be suspect? Also, is this a LAN-based failover or do you have the serial failover cable between the two?
Unfortunately I can't find any clues in the syslog. I'm using a serial cable between the two devices. I'm tempted to power up the standby unit and try to replicate the event and see if I get any clues, but since I'm in a semi-production environment, I'm a little hesitant to do this.
High load and low memory can cause this. The PIX may lose hellos and stateful information during both conditions, which can cause failovers to occur.
Are you logging a lot of messages? I believe that failover shares the same memory blocks with syslog, and an enormous number of messages can cause this. Especially if a lot of traffic is getting denied by scans, DoS, etc.
What does the CPU utilization look like when it happens? You can track CPU, free mem, memory blocks, interface usage, connections, and xlates via SNMP.