Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pix 515's fail to failover

from [Spigga] Network Security [Permanent Link]
Subject: Re: Pix 515's fail to failover
Date: Sun, 14 Nov 2004 18:02:23 -0600 
Yes we have snmp traps going to an NMS, we're not getting anything
from the pair, its not even logging normal traffic to buffer when the
problem exists. Its very strange and we're somewhat stumped on where
to start troubleshooting since this is a live customer and of course
downtime is not an option.  We've got a small maintainence window on
Monday so I'll toss it at Cisco and see if it sticks. Please feel free
to suggest any troubleshooting steps. Whats your opinion on crossovers
for lan based failover? I had considered that as a possible problem
since i had issues with it years ago, though as I said we have
hundreds of pairs in the same configuration so I think i'm reaching
here.


On Mon, 15 Nov 2004 09:49:43 +1000, Ivan Coric
<ivan.coric@workcoverqld.com.au> wrote:

sounds strange - are you sending snmp-traps from the PIX? does that give
you any info?


Spigga <spigga@gmail.com> 15/11/2004 9:47:09 am >>>



Thats the odd part, these pairs were failing fine in the past, we test
often, and we have about 250 more pairs that are fine.  Since I sent
this email one pair has decided to play nice, no config changes. We
brought the primary up to do some troubleshooting and the problem was
gone. One pair is still having the same issue.  We're going to spend
some time with the failed pair on Monday. I guess we'll see what
happens.

On Mon, 15 Nov 2004 09:35:19 +1000, Ivan Coric
<ivan.coric@workcoverqld.com.au> wrote:

verify your failover config -


http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/advanced.htm



use the command show failover - this will show you the status of the
failover

cheers
Ivan

Ivan Coric, CISSP, RHCE
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric@workcoverqld.com.au


Spigga <spigga@gmail.com> 12/11/2004 8:56:21 am >>>

I have 2 HA pairs that refuse to failover properly.  If the primary

is

active, and I try to fail it over to standby, they both go standby

and

traffic halts. I have to power cycle the primary and all is well.
This is the same situation on two separate pairs one pair  running
6.3(3) and one running 6.3(4).  They both started doing this on the
same day.  One during failover testing and one pair just stopped
passing traffic and never failed over so we had a guy power off the
primary and since then failover does not work.  In one case we
replaced the primary and it still happens.  We have replaced serial
and lan failover cables.  Anyone seen or heard of this?  We have

close

to 300 pixes, a large number runninf 6.3(3) and some running 6.3(4)
and no others are having trouble but we haven't failed any over

since

this started.  I'm afraid to test.



***************************************************************************

Messages included in this e-mail and any of its attachments are

those

of the author unless specifically stated to represent WorkCover

Queensland. The contents of this message are to be used for the intended
purpose only and are to be kept confidential at all times.

This message may contain privileged information directed only to the

intended addressee/s. Accidental receipt of this information should be
deleted promptly and the sender notified.

This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.


**********************************************************************






***************************************************************************


Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. 
The contents of this message are to be used for the intended purpose only and 
are to be kept confidential at all times.
This message may contain privileged information directed only to the intended 
addressee/s. Accidental receipt of this information should be deleted 
promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Router config question, JGrimshaw
Next by Date:  Re: Router config question, pramod
Previous by Thread:  Re: Pix 515's fail to failover, Spigga
Next by Thread:  Re: Pix 515's fail to failover, Zachary Spalding
Indexes:  [Date] [Thread] [Top] [All Lists]