Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Stateful Failover Does Not Work

Hello,

Could someone help me...

I configured my pix to be stateful failover;however,

the primary failed twice. The secondary was active; however, all the communications failed.

I checked all my link cable and everything...

I open a case with TAC for two days; no help me or call me back. Everytime, I called TAC they requeue my case. Please Help !

Thank U.

6 REPLIES
New Member

Re: Stateful Failover Does Not Work

Hope you have taken care of the following:

1. You have to dedicate one interface from each of the firewall (other than inside and outside interfaces) for the failover.

They have to be connected using a cross-over cable (suggested) or through a switch (in this case ensure both the ports are in the same VLAN).

2. Every interface has to be assigned an IP address, even if some of them are not being used and are `shutdown'.

Hope this helps.

New Member

Re: Stateful Failover Does Not Work

Thanks.

I did exactly what you suggested...

interface is not sutdown.

Thank u.

New Member

Re: Stateful Failover Does Not Work

What version are your PIX's running?

How are the outside/inside interfaces connected? To a switch? Have you verified the switch's configuration?

New Member

Re: Stateful Failover Does Not Work

Thank you very much for support...

Pix 525 with 6.0(1). I have configured pix to be stateful failover. I also dedicated one interface for failover with cross-cable. It failover three times; everytime, I have to force the secondary to be active by using command "failover active".

Now I configure as normal failover; it works ok.

I deleted the stateful failover link... An cisco Tac engineer called and he said "Maybe 6.0(1) has a bug... Who know ?

To answer your question: each interface connected to one switch with defference vlan.

Thank u.

New Member

Re: Stateful Failover Does Not Work

Also, connect any interfaces to the counterpart PIX with a cross-over. Make sure you address them on the same network. (i.e. PIX1 interface 3 192.168.1.1/24, PIX2 interface 3 192.168.1.2/24

New Member

Re: Stateful Failover Does Not Work

Thank U.

I have interface number 5 with IP 10.200.200.1 on primary and 10.200.200.2 on secondary.

I sent my configuration to TAC engineer; he said it 's correct.

Thank u.

124
Views
0
Helpful
6
Replies
CreatePlease to create content