Primary PIX failover interface stays in testing state
I issued the show failover command on my primary PIX box. It showed two of the three interfaces in normal mode, but the third (a VPN tunnel) was in test mode. I was able to ping and send traffic successfully through the third interface, but whenever show failover was issued, the third interface was consistently in testing mode. When the show failover command was issued on the secondary PIX box, all three interfaces were in normal mode. I finally reloaded the secondary PIX box and this seemed to resolve the issue.
Has anybody seen this, and is this a common problem?
Re: Primary PIX failover interface stays in testing state
In the event that the "hello" packets are not received on an interface, or an interface has been waiting for "hello" for more than 2.5 minutes after the other interface went into normal state, the interface is placed in "testing" mode (if the interface is not shut down and link status is up). When this occurs, the other unit is informed through the failover cable that the interface is in testing mode. While an interface is in testing mode, normal traffic can flow, provided the interface is functioning properly. Testing is started only if an error condition has occurred and is therefore based on the idea that "if I'm okay, then you must be failed."
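For monitoring the condition discussed in this thread, the following is an added example, not part of the original posts: it parses saved `show failover` output and reports every interface whose state is not Normal, together with the state the peer unit reports for the same interface. The output layout, interface names and addresses in the sample are constructed assumptions; adjust the patterns to what your software version prints.

```python
import re

# Constructed sample modelled on PIX "show failover" output; the interface
# names and addresses are invented for this example.
SAMPLE = """\
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
        This host: Primary - Active
                Active time: 6930 (sec)
                Interface outside (192.0.2.1): Normal
                Interface inside (10.0.0.1): Normal
                Interface vpn (10.0.1.1): Testing
        Other host: Secondary - Standby
                Active time: 0 (sec)
                Interface outside (192.0.2.2): Normal
                Interface inside (10.0.0.2): Normal
                Interface vpn (10.0.1.2): Normal
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\w+)\s*-\s*(\w+)")
IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)\s+\(([^)]*)\):\s*(.+?)\s*$")

def parse_failover(text):
    """Return {unit: {interface: state}} with unit being 'This' or 'Other'."""
    units, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            units[current] = {}
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:
            units[current][m.group(1)] = m.group(3)
    return units

def not_normal(units):
    """List (unit, interface, state, peer_state) for each interface not Normal."""
    findings = []
    for unit, ifaces in units.items():
        peer = units.get("Other" if unit == "This" else "This", {})
        for name, state in ifaces.items():
            if state != "Normal":
                findings.append((unit, name, state, peer.get(name, "unknown")))
    return findings

if __name__ == "__main__":
    for finding in not_normal(parse_failover(SAMPLE)):
        print("unit=%s interface=%s state=%s peer=%s" % finding)
```

An interface that stays in a non-Normal state across repeated polls while the peer reports Normal for the same interface matches the situation described in the question.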