Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
5
Replies

Problems with config synchronisation on failover unit

d-fillmore
Level 2
Level 2

‎03-09-2007 07:08 AM - edited ‎03-09-2019 05:34 PM

Hi - I've recently swapped a PIX 515 with a failover licence for a replacement unit and since then can't get it to synchronise it's config. The licence says "This platform has a Failover Only-Active/Standby (FO) license"

and the message I get in the logs is;

Message #545 : Detected an Active mate

Message #546 : Unable to sync configuration from Active

Message #547 :

Message #548 :

Message #549 : ========================= NOTICE =========================

Message #550 : This platform is licensed to run in

Message #551 : failover secondary mode only

Message #552 : ==========================================================

It's running version 7.2(1) code - Any ideas? Can't find that message anywhere on CCO or google.

Thanks in advance

Labels:
0 Helpful
5 Replies 5

vitripat
Level 7
Level 7

‎03-09-2007 10:49 AM

What version is running on the Primary-Active PIX? If the versions are same, did you execute following command on the Secondary-Standby PIX:

failover

Let me know if this helps.

Regards,

Vibhor.

0 Helpful

d-fillmore
Level 2
Level 2
In response to vitripat

‎03-12-2007 07:52 AM

Hi Vibhor - Thanks for your reply, The other PIX is running the same code and has an unrestricted lisence.

The active unit is in a live environment. What do you think that command will achieve?

Thanks, Dom

0 Helpful

vitripat
Level 7
Level 7
In response to d-fillmore

‎03-12-2007 10:38 AM

When you enter "failover" command on the Secondary PIX, it "enables" failover on that. Without this command executed, it will not work in failover.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/ef_711.htm#wp1678624

Hope that helps.

Regards,

Vibhor.

0 Helpful

d-fillmore
Level 2
Level 2
In response to vitripat

‎03-13-2007 08:12 AM

Thanks Vibhor - There is a line in the config thats says failover, and the output of 'show failover' shows that failover is on.

Something else I've noticed is that the interfaces on the FO unit all say interface down, line protocol up;

Interface config status is active

Interface state is not active

and they all show as waiting in the 'show failover' output;

This host: Secondary - Sync Config

Active time: 0 (sec)

Interface outside (0.0.0.0): No Link (Waiting)

Interface inside (0.0.0.0): No Link (Waiting)

Interface dmz (0.0.0.0): No Link (Waiting)

I'm going to verify that the interfaces are actually plugged into a switch! Do you know if this would affect the ability of the device to sync it's config?

Cheers, Dom

0 Helpful

djkim
Level 1
Level 1
In response to d-fillmore

‎03-19-2007 09:14 PM

I think this is due to the PIX license that your standy PIX has. Your failover PIX has active/standby license which can't be primary when PIX is restarted. I found that you issue "failover active" command from standby PIX to activate the interface.

regards, DJ

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents