New Member

Primary PIX failover interface stays in testing state

I issued the show failover command on my primary PIX box. It showed two of the three interfaces in normal mode, but the third (a VPN tunnel) was in test mode. I was able to ping and send traffic successfully through the third interface, but when the show failover command was issued, the third interface was consistently in testing mode. When the show failover command was issued on the secondary PIX box, all three interfaces were in normal mode. I finally reloaded the secondary PIX box and this seemed to resolve the issue.

Has anybody seen this, and is this a common problem?

Version 6.1

Cisco Employee

Re: Primary PIX failover interface stays in testing state

In the event the "hello" packets are not received on an interface, or an interface is waiting for a "hello" more than 2.5 minutes after the other interface went into normal state, the interface is placed in "testing" mode (if the interface is not shut down and link status is up). When this occurs, the other unit is informed through the failover cable that the interface is in testing mode. While an interface is in testing mode, normal traffic can flow, provided the interface is functioning properly. Testing is started only if an error condition has occurred and is therefore based on the idea that "if I'm okay, then you must be failed."

Hope that answers your query.