Re: failover warning (missing interface....)

a.youssef · ‎11-13-2003

i had instaled 2 pix 525, when i activate failover its works but its shows the warning bellow:

( pix have 3 interfcaes : inside, outside and off)

WARNING, missing ip or failover address on off interface

WARNING, missing ip or failover address on inside interface

WARNING, missing ip or failover address on outside interface,

can you help me to anderstand what hapen?

lwierenga · ‎11-13-2003

Issue the "write standby" command on the active unit, this will force the entire configuration to memory on the standby unit.

kagodfrey · ‎11-14-2003

Have you configured firewall with your failover IP addresses?

failover ip address outside a.b.c.d

failover ip address inside m.n.o.p

failover ip address off w.x.y.z

a.youssef · ‎11-19-2003

No the commande that i have used for activate FAILOVER are:

failover on

write standby

write memory

NB: 2 pix are configured as PASSIF/ ACTIF using Failover cable,

a.youssef · ‎11-19-2003

i do that but the same warnning appears aftres ~3 minutes

kagodfrey · ‎11-19-2003

You need to issue your failover ip addresses. This document explains more about failover and what is required to configure it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

HTH

a.youssef · ‎11-20-2003

i did that but nothing changes!!!

engel · ‎11-27-2003

Can you post your config so we can spot the problem ?

a.youssef · ‎11-29-2003

in order to post my config,I NEED YOUR E-MAIL PLEASE.

(for security reason).

thinks,

I'm waiting for your answer

my mail is: youssef.a@laposte.net

a.youssef · ‎12-01-2003

notations:

x.y.z.X is my publics IP

aa.bb.cc is my domain:

this windows is taked before and after The Warnning message that we discuss about:

______________BEGENING of conf ____________________

myPix(config)# failover

myPix(config)# show failover

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

This host: Primary - Active

Acti

Interface outside (x.y.z.171): Normal (Waiting)

Interface inside (192.168.1.100): Normal (Waiting)

Interface off (127.0.0.1): Link Down (Waiting)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface outside (0.0.0.0): Unknown (Waiting)

Interface inside (0.0.0.0): Unknown (Waiting)

Interface off (0.0.0.0): Unknown (Waiting)

Stateful Failover Logical Update Statistics

Link : Unconfigured.

myPix(config)# Sync Started

Sync Completed

myPix(config)# write standby

Building configuration...

[OK]

myPix(config)# Sync Started

Sync Completed

myPix(config)# write mem

Building configuration...

Cryptochecksum: xxxxxxx

[OK]

myPix(config)# WARNING, missing ip or failover address on off interface

WARNING, missing ip or failover address on inside interface

WARNING, missing ip or failover address on outside interface

myPix(config)# show conf

: Sa

: Written by enable_15 at 00:10:57.279 UTC Fri Jan 1 1993

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 off security50

enable password xxxxxxencrypted

passwd xxxxxxencrypted

hostname fireMET

domain-name aa.bb.cc

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

pager lines 24

mtu outside 1500

mtu inside 1500

mtu off 1500

ip address outside x..y.z.171 255.255.255.w

ip address inside 192.168.1.100 255.255.255.0

ip address off 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address ins

no failover ip address off

pdm location 192.168.16.1 255.255.255.255 inside

pdm location 192.168.16.2 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 1 x.y.z.172-x.y.z.190 netmask 255.255.255.w

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

alias (inside) x.y.z.161 192.168.1.2 255.255.255.255

static (inside,outside) x.y.z.169 192.168.1.1 netmask 255.255.255.255 0 0

static (inside,outside) x.y.z.161 192.168.1.2 netmask 255.255.255.255 0

conduit permit icmp any any

conduit permit tcp host x.y.z.169 eq domain any

conduit permit tcp host x.y.z.161 eq www any

conduit permit tcp host x.y.z.169 eq smtp any

conduit permit tcp host x.y.z.169 eq pop3 any

conduit permit udp host x.y.z.169 eq domain any

conduit permit udp host x.y.z.169 eq 1434 any

conduit permit tcp host x.y.z.169 eq 1433 any

conduit permit tcp host x.y.z.169 eq imap4 any

conduit permit tcp host x.y.z.169 eq ftp any

conduit permit tcp host x.y.z.169 eq https any

route outside 0.0.0.0 0.0.0.0 x.y.z.170 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

_________________________END______________________

please i'm waitting you,

thinks a lot (merci beaucoup)