Cisco Support Community
Community Member

LAN-based failover problem

Hi all,

I have configured two PIX515E with 6.2(2) OS for failover operation. The two devices are connected with the failover cable and they seem to work properly. If I configure on the primary active FW the lan-based failover, I get the following messages:

LAN-based Failover: trying to contact peer.

LAN-based Failover: Send hello msg and start failover monitoring

LAN-based Failover Warning, received bad signature pkt

If I check the LAN operation with the

sh failover lan detail

I see on both devices that they have exchanged 2 packets. After that, no more messages are exchanged. On the primary I see that it is the active and the secondary is failed. On the secondary I see that it is the secondary and is in standby, and the other device is secondary too and is in standby.

What can be the problem?


Re: LAN-based failover problem


Is there a switch between the two firewalls? It could be that spanning tree on the switch is causing your problem. Try to enable portfast on the switch for each port a PIX interface is connected to.

More info on this page:

(do a search on 'portfast')

Kind Regards,


Community Member

Re: LAN-based failover problem

Hi Tom,

there isn't any switch between the devices. They are connected via a crossover cable.

Re: LAN-based failover problem


Have a look at this document:

Somewhere in the text you will find these two lines:

"It is recommended that you connect the Primary and Secondary PIXes with a dedicated switch. Do not use crossover cables."

I don't know if this is really a solution to your problem, but you could give it a try.

Merry Christmas :-)


Community Member

Re: LAN-based failover problem

If you have not set the failover lan key on both sides, that may be the solution.

Community Member

Re: LAN-based failover problem

From what you are saying, you are using the provided Cisco failover cable? The cable that tells you which side is primary or not, correct? If so, you should not be using the LAN failover configuration. That is for if you go through a switch or something like that.

Try something like this:


failover ip address outside x.x.x.x

failover ip address dmz x.x.x.x

failover ip address inside x.x.x.x

failover ip address failover x.x.x.x

failover link failover

This is just an example.

Hope this helps.

Community Member

Re: LAN-based failover problem

I was having a problem like yours

No, I'm not using the serial cable. I'm using the failover LAN mode.

You need to define the password for the PIX failover security.

Use the configuration above + the

"failover lan key " command on both units.

You need to define also what unit is the primary/secondary by default

Go to the PDM session of failover configuration and click the ? icon. See the examples.
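The replies above point at two settings that must agree across the pair: the `failover lan key` and the primary/secondary role. The following is an added example, not code from any poster or from Cisco, that compares the `failover lan` lines of two saved configurations. The sample configs and key strings are constructed, and it assumes the configs are plain text with the commands as they were typed.

```python
import re

# Constructed sample configs (not from the thread); key values are placeholders.
PRIMARY_CFG = """\
failover
failover lan unit primary
failover lan interface failover
failover lan key EXAMPLE-KEY-1
failover lan enable
"""
SECONDARY_CFG = """\
failover
failover lan interface failover
failover lan key EXAMPLE-KEY-2
failover lan enable
"""

def lan_settings(cfg):
    """Collect unit/interface/key/enable from the 'failover lan' lines of a config."""
    out = {}
    for line in cfg.splitlines():
        m = re.match(r"\s*failover lan (unit|interface|key|enable)\b\s*(.*)", line)
        if m:
            # 'failover lan enable' has no argument, so record it as True
            out[m.group(1)] = m.group(2).strip() or True
    return out

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches between the two units (key values are never echoed)."""
    a, b = lan_settings(cfg_a), lan_settings(cfg_b)
    findings = []
    for name, s in (("unit A", a), ("unit B", b)):
        if not s.get("enable"):
            findings.append(f"{name}: 'failover lan enable' missing")
        if "key" not in s:
            findings.append(f"{name}: no 'failover lan key' set")
        if s.get("unit") not in ("primary", "secondary"):
            findings.append(f"{name}: role not set with 'failover lan unit'")
    if "key" in a and "key" in b and a["key"] != b["key"]:
        findings.append("keys differ between units")
    if a.get("unit") and a.get("unit") == b.get("unit"):
        findings.append(f"both units configured as {a['unit']}")
    if a.get("interface") != b.get("interface"):
        findings.append("failover lan interface differs")
    return findings

if __name__ == "__main__":
    for finding in check_pair(PRIMARY_CFG, SECONDARY_CFG):
        print(finding)
```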
