Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX failover II.

Hi all,

Id like to consult second problem

with our failover with PIXs 525 and PIXOS 7.0.4. Both are connected with serial cable and dedicated ethernet cable.

Problem is:

When I disconnect one interface on

Primary-Active PIX than other one takes

role. But when I connect interface back I see on primary one (CLI command show failover) that it is secondary and one which was secondary is primary. But active is now the same as before but is signed as secondary. Cable is placed correctly..primary side on primary and secondary side on failover (secondary).

Any idea?

BR

jl

6 REPLIES
Hall of Fame Super Blue

Re: PIX failover II.

Hi Jl

This is normal behaviour for the pix with failover. The secondary will be active if it sees the pix primary goes down. But when the prinary comes back up it will not take over as the primary, it will assume the role of secondary.

It is not a problem.

HTH

Jon

Community Member

Re: PIX failover II.

Hi Jon,

thanks for info....but why PIX before Primary

and now Secondary is Secondary-Active?

Why they don?t change only state Active ..Standby. But they change Secondary and Primary

roles. I thought that serial cable determine roles and this don?t change.

BR

jl

Hall of Fame Super Blue

Re: PIX failover II.

Hi Jl

The cable does determine which is primary and which is secondary and as you point out if you connect the cable the wrong way round failover will not work.

But the firewall coming back up does not preempt the active firewall. Thinking of primary and secondary can be a bit misleading in this sense. Think of it as active and standby. Either firewall can be active or standby.

Jon

Community Member

Re: PIX failover II.

You will need to issue (from configuration mode)

the failover active command on the primary (standby) pix.

Simply telnet to the failover inside IP address and issue the command.

You will then loose your connection.

Community Member

Re: PIX failover II.

Hi all,

thanks for an advice. Now Im knowledgeabled.

I entered the command failover active and everything is like before. Fine.

jl

Community Member

Re: PIX failover II.

Glad to hear.

Likewise you could have just pulled a cable from the Secondary active to have failover fail back to the primary. :)

There is also an active light on the front to help determine which firewall is currently active.

Cheers

143
Views
0
Helpful
6
Replies
CreatePlease to create content