I have two problems around LAN based failover which I would be grateful for help with
I have 2 PIX 535s , 1 with full license, 1 failover license. I have upgraded both IIXs to 6.22 and are configured for LAN based failover, which seems (superficially) to work. Problems are as follows:
1)I'm trying to upgrade PDM on the failover unit but, since the unit is in standby status, the LAN i/fs are inactive and I can't see the TFTP server. Is there any way in which I can update PDM in a PIX in standby mode?
2)If I fail the primary to get around this I can ping the TFTP server from the failover unit for about 1 minute but the then the failover unit goes back to standby status with the remote unit seen as active failed.
I don't personally have any experience with upgrading, but how are you going about doing your point #2?...how are you failing over. Are you saying it fails over to the failover (making it the primary), but then failing back?? Or does it just die then.
It give a lot of good information on different types of failover configs. It sounds very strange that your FO becomes inactive after 1min or so. Maybe check your config against some of these examples to see if you aren't missing something small.
As far as upgrading, this to me seems to be one of the concerns I have about the PIXs (unless I am missing something). But because you have to have all the same images and everything on both units it seems that you have to truly bring one of them off line and upgrade, then put that back in, and bring the other off line and upgrade, and then put back into FO mode. I personally would like to be able to do them while they were inline....that is just me.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :