Cisco Support Community

OSPF routes are not synchronized with the standby PIX 500 Series Firewall with software version 6.x

Core issue

This problem occurs due to the presence of Cisco bug ID CSCeb23798.

The PIX Firewall stateful failover does not synchronize Open Shortest Path First (OSPF) states until version 6.3.x. This means that when the failover occurs, the routing information in the link-state database is not replicated to the secondary PIX. This does not mean that all connections are broken. It means that connections must wait until prefixes are installed back in the routing table before data traffic can resume.

Since the configurations are identical, the OSPF route is ultimately installed in the active unit. Once the failover occurs, the new active unit runs the OSPF process and recalculates the feasible path.

Resolution

In order to resolve this issue, perform either of these steps:

  • Configure floating static routes that replace the OSPF routes.

  • Download and upgrade the PIX software version to the latest version available.

Refer to Using PIX Firewall Failover for more information.

Version history
Revision #: 1 of 1
Last update: 06-22-2009 04:38 PM