Cisco Support Community
Community Member

ssh is not working when 525 primary firewall goes to secondary


We have a 525 firewall with UR and FO licenses. Sometimes CPU utilization goes to 90 percent and it goes to secondary. Whenever the primary goes to secondary, SSH does not work. Please help me to resolve the following 3 issues.

1. CPU process is 96 percent

2. SSH is not working

3. The primary is automatically moving to secondary.

Community Member

Re: ssh is not working when 525 primary firewall goes to seconda


1. For the CPU issue, I would suggest that you implement an IDS policy on all your interfaces and monitor the audit counters. A possible cause is an "ICMP unreachable" attack; this attack might drive the PIX crazy and might cause such high utilization.

2. If you are running PIX OS 6.3 you will need to run the command "ca save all" on both units which saves the RSA keys. Writing the config to memory will not be enough unless you start using PIX OS 7.0 which saves RSA keys when typing "write mem".

3. The primary will not jump to secondary unless there is something wrong. I have failover'ed PIXs running smoothly for ages and nothing happened. I would suggest that you go to the documentation of the PIX and read through the reasons that might cause a PIX to switch to failover and then match that against your setup.

Hope this helps.

