Network Security Firewalls

RE: Pix 515's fail to failover

Subject: RE: Pix 515's fail to failover
Date: Tue, 16 Nov 2004 01:38:27 +1100
Hey Spigga,

I'm going to presume that having so many PIXes, you're more than au fait with
configuring them. Have you tried to debug the problem? What messages are you
getting? If they aren't already, perhaps you could try taking a pair of the
PIXes out, putting them into a test environment with different switches and
starting with a fresh config, just to start a process-of-elimination.

I'm sure you'll have this already, but here's Cisco's link for the PIX 6.3
failover chapter:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html

Regards,

Jason

 

-----Original Message-----
From: Spigga [mailto:spigga@gmail.com] 
Sent: Friday, 12 November 2004 9:56 AM
To: firewalls@securityfocus.com
Subject: Pix 515's fail to failover

I have 2 HA pairs that refuse to failover properly.  If the primary is
active, and I try to fail it over to standby, they both go standby and
traffic halts. I have to power cycle the primary and all is well. 
This is the same situation on two separate pairs one pair running
6.3(3) and one running 6.3(4).  They both started doing this on the same
day.  One during failover testing and one pair just stopped passing traffic
and never failed over so we had a guy power off the primary and since then
failover does not work.  In one case we replaced the primary and it still
happens.  We have replaced serial and lan failover cables.  Anyone seen or
heard of this?  We have close to 300 pixes, a large number running 6.3(3)
and some running 6.3(4) and no others are having trouble but we haven't
failed any over since this started.  I'm afraid to test.
