Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Cisco PIX515E active/stdby pair: process to disable i/f without failover

Hi All,

We have a PIX 515E pair in active/stdby (Stdby: FO only license). failover config...

*********************

failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 12.25.10.6

failover ip address inside 192.168.33.3

failover ip address dmz 192.168.23.3

no failover ip address intf3

no failover ip address intf4

failover ip address statefull 100.10.10.2

failover link statefull

**************************

I would like shut the DMZ ports on both PIXs. With out encountering failover what us the process..?

TIA

MS

3 REPLIES
Cisco Employee

Re: Cisco PIX515E active/stdby pair: process to disable i/f with

You can use the monitor-interface command, and not monitor the DMZ interface.

Re: Cisco PIX515E active/stdby pair: process to disable i/f with

Thanks for the reply but the monitor-interface command not supported in the version PIX having. 6.3(4)

TIA

MS

Re: Cisco PIX515E active/stdby pair: process to disable i/f with

Fyi.. The following sequence of commands worked (on Primary)..

*************************

no failover ip address dmz 192.168.23.3

write standby

write mem

--> Shut the dmz interface administratively.

--> After issuing write standby (may not need) , administrtively shut the switch ports (where Pri and SEC PIC DMZ i/f connects)

-->Here I lost connectivity to SEC pix for a very brief period till the Stateful link status (sh failover) returns to 'Normal' from Waiting.

--> issued another write standby and write mem. Everything looks fine.

Thanks

MS

109
Views
0
Helpful
3
Replies
CreatePlease to create content