456 Views, 0 Helpful, 2 Replies

Pix keeps failing over

vanagon2tdi (Level 1)

What type of logging should I turn on to find out why my PIX 515 version 6.3.4 keeps failing over?

Here are the logs I have so far:

104002: (Primary) Switching to STNDBY - switch to failed state
104003: (Primary) Switching to FAILED.
105009: (Primary) Testing on interface 1 Failed
105003: (Primary) Monitoring on interface 0 waiting
104004: (Primary) Switching to OK.
105003: (Primary) Monitoring on interface 1 waiting
105004: (Primary) Monitoring on interface 1 normal
105004: (Primary) Monitoring on interface 0 normal
105005: (Primary) Lost Failover communications with mate on interface 0
105008: (Primary) Testing Interface 0
103003: (Primary) Other firewall network interface 0 failed.
104001: (Primary) Switching to ACTIVE - mate interface failed.
105009: (Primary) Testing on interface 0 Passed
305006: portmap translation creation failed for protocol 50 src inside:7.x.x.x dst outside:67.x.x.x
305005: No translation group found for icmp src outside:64.x.x.x dst inside:204.x.x.x (type 8, code 0)
305005: No translation group found for icmp src outside:64.x.x.x dst inside:204.x.x.x (type 8, code 0)
305005: No translation group found for icmp src outside:64.x.x.x dst inside:204.x.x.x (type 8, code 0)
305006: portmap translation creation failed for protocol 50 src inside:7.4.92.100 dst outside:67.70.238.26
105003: (Primary) Monitoring on interface 1 waiting
105003: (Primary) Monitoring on interface 0 waiting
305006: portmap translation creation failed for protocol 50 src inside:7.x.x.x dst outside:67.x.x.x
105004: (Primary) Monitoring on interface 1 normal
105004: (Primary) Monitoring on interface 0 normal

I also have a syslog going and am seeing messages like:

Deny IP Spoof from (0.0.0.0) to 204.x.x.x on interface outside

and

Deny IP due to Land Attack from 204.5.5.1 to 204.5.5.1

Any help would be great.

2 Replies

ddawson (Level 1)

From the log messages it looks like you're having problems on the Ethernet 0 interface (usually this is the outside interface), so I'd suggest you focus your attention there. This sort of problem is usually caused by physical or configuration issues on the LAN infrastructure between the two PIXes. For example, are the speed and duplex settings hard coded on the PIX interfaces and the switches they're connected to? If you have Cisco switches, have you configured the ports appropriately? Here's Cisco's recommendation:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/failover.htm#wp1060018

What do the logs from the other PIX say? Anything specific about e0? While it would be possible for an attack to cause connectivity problems between your PIX outside interfaces, I'd expect to see a lot of syslog messages instead of a few, so I'd look more at the Layer 1, 2, and 3 aspects of your LAN infrastructure on the outside interfaces.

Good luck!

Dana
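As an added example (not code from the thread or from Cisco), a small Python triage script that applies Dana's advice to the messages posted above: it keeps only the failover-unit messages, counts the trouble events per interface and lists the 104xxx state transitions, so the suspect interface stands out. The grouping of message IDs into "trouble" and the embedded sample (a subset of the posted lines) are my assumptions.

```python
import re
from collections import Counter
# Constructed sample: a subset of the PIX 6.3 syslog lines posted above (x.x.x masking kept).
SAMPLE_LOG = """\
104002: (Primary) Switching to STNDBY - switch to failed state
104003: (Primary) Switching to FAILED.
105009: (Primary) Testing on interface 1 Failed
105003: (Primary) Monitoring on interface 0 waiting
104004: (Primary) Switching to OK.
105004: (Primary) Monitoring on interface 1 normal
105004: (Primary) Monitoring on interface 0 normal
105005: (Primary) Lost Failover communications with mate on interface 0
105008: (Primary) Testing Interface 0
103003: (Primary) Other firewall network interface 0 failed.
104001: (Primary) Switching to ACTIVE - mate interface failed.
105009: (Primary) Testing on interface 0 Passed
305006: portmap translation creation failed for protocol 50 src inside:7.x.x.x dst outside:67.x.x.x
305005: No translation group found for icmp src outside:64.x.x.x dst inside:204.x.x.x (type 8, code 0)
"""

# Failover messages carry the unit role in parentheses; NAT/translation messages do not.
MSG_RE = re.compile(r"^(?P<id>\d{6}): \((?P<unit>Primary|Secondary)\) (?P<text>.*)$")
IFACE_RE = re.compile(r"\binterface (?P<num>\d+)\b", re.IGNORECASE)
# Assumed "trouble" IDs: mate interface failed, state -> STANDBY/FAILED, lost failover comms.
TROUBLE_IDS = {"103003", "104002", "104003", "105005"}

def parse_failover_events(log):
    events = []
    for line in log.splitlines():
        m = MSG_RE.match(line)
        if not m:
            continue  # NAT, ACL and other non-failover messages are out of scope here
        ifm = IFACE_RE.search(m["text"])
        events.append({"id": m["id"], "unit": m["unit"], "text": m["text"],
                       "iface": ifm["num"] if ifm else None})
    return events

def is_trouble(ev):
    # 105009 reports an interface test result; it is only trouble when it ends in "Failed"
    if ev["id"] == "105009":
        return ev["text"].endswith("Failed")
    return ev["id"] in TROUBLE_IDS

def triage(log):
    events = parse_failover_events(log)
    per_iface = Counter(ev["iface"] for ev in events if is_trouble(ev) and ev["iface"] is not None)
    states = [ev["id"] for ev in events if ev["id"].startswith("104")]  # state transitions in order
    worst = per_iface.most_common(1)[0][0] if per_iface else None
    return {"events": len(events), "trouble_per_interface": dict(per_iface),
            "state_changes": states, "suspect_interface": worst}
```

Run `triage(SAMPLE_LOG)` on the sample above and interface 0 comes out with the most trouble events, matching Dana's reading of the logs.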

commodity (Level 1)

Hi Dave,

We are facing exactly the same issue that you faced regarding the PIX failing over continuously. We also have the same logs that you were getting. How did you manage to solve the issue?
