Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Verify my failover config?


Just recently replaced a single pix515 with two pix515e's in a failover configuration. We have no screened subnet or DMZ. The firewall is working but I am not sure if my secondary's ip is correct... can you take a look at the config below and advise? Should my inside interfaces be the same ip? And if so, how do I change the ip on the secondary once in operation?


Gary Hornbeck

District Network Administrator

College of the Siskiyous

User Access Verification

PIX1# sh failover

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 7 seconds

This host: Primary - Active

Active time: 1688505 (sec)

Interface intf2 ( Link Down (Waiting)

Interface outside ( Normal

Interface inside ( Normal

Other host: Secondary - Standby

Active time: 0 (sec)

Interface intf2 ( Link Down (Waiting)

Interface outside ( Normal

Interface inside ( Normal

Stateful Failover Logical Update Statistics

Link : intf2

Stateful Obj xmit xerr rcv rerr

General 562666 0 0 0

sys cmd 56282 0 0 0

up time 2 0 0 0

xlate 54537 0 0 0

tcp conn 451845 0 0 0

udp conn 0 0 0 0

ARP tbl 0 0 0 0

RIP Tbl 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 0 0

Xmit Q: 0 1 397570


Re: Verify my failover config?

Your config is correct. The IPs on the 2 PIXs should be different (but same subnet). See example config below:

ip address outside x.x.x.1

ip address inside

ip address DMZ1

ip address Extranet

ip address stateful


failover poll 15

failover ip address outside x.x.x.2

failover ip address inside

failover ip address DMZ1

failover ip address Extranet

failover ip address stateful

failover link stateful

Hope it helps.



Re: Verify my failover config?


Thanks for checking and the example. I really appreciate your assistance/help! I screwed up and thought this one never made it so forum, so I just another. Please disregard.. last thing I want to do is waste your time.

Thanks again!

CreatePlease to create content