Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

no failover ip address on inside interface

I have a pix 6.x running failover configuration (active/standby). with one outside interface and two inside interfaces. one inside has failover and the second does not as is connected directly to a device that is not redundant. When we reloaded the Primary (active) pix the Secondary (standby) became Active but after about 2 mins when the Primary came back online it became (active again) and the Secondary became standby. any ideas on where to look for diagnosing why this happend (as i understand the pix failover as nonrevertive and the secondary would have to have some interface/power/cable issue to fail back).

show failover

failover timeout 0:00:00

failover poll 15

failover ip address outside xxx.xxx.xxx.xxx

failover ip address inside zzz.zzz.zzz.zzz

no failover ip address intf2

3 REPLIES

Re: no failover ip address on inside interface

You are correct in that pix failover is nonrevertive. I've had problems before trying to run failover on some interfaces but not others.

What does "show failover" give?

It would loog the failure in the buffer and there are also debug commands.

New Member

Re: no failover ip address on inside interface

i was thinking about this some more: If you have (PIX Primary: Active, PIX Secondary:Standby, with 3 interfaces, outside=UP, inside=UP, intf2=UP) if you reload the PIX Primary the PIX Secondary will become Active..that is fine.... but it will have a failed interface (intf2=DOWN) on the PIX Secondary (in active state)... once the Primary is back online it will do a failover negotiation.... and will determine a failed NIC on the Secondary, and will become Active. Does that make sense...?... i think that would be the correct response on the primary being rebooted.

Re: no failover ip address on inside interface

Hi,

Could you please paste the entire config from the PIX.

I guess PIX will NOT accept one of the interfaces being used on one UR and not being used on the FO, it will treat it as an interface failure.

You need to have a Mirror Replication of the UR on the FO as well.

Hope it helps.

Please rate the post.

Kind Regards,

Wilson Samuel

407
Views
0
Helpful
3
Replies
CreatePlease to create content