Hi Larry, There are a lot of factors that come into play when you are
talking about failure of failovers. First of all are you running just a
failover or are you doing stateful failover. Next are you sure that you have
a cable plugged into ALL interfaces(even those that are shutdown) as the pix
will send helo messages out to every interface it sees in the config. Also,
if you are running stateful failover be sure that that interface is running
at 100full not auto. There is an issue with some pix boxes with regards to
failover not acting right and if you go to the cisco site and search on
faiovers failing you should find it. It wil tell you the range of s/n's of
affected machines. Hope this helps.
Jim Brigham
Lincoln Managed Security
1-512-740-6290
[EMAIL PROTECTED]
----- Original Message -----
From: "Larry Chuon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 31, 2001 9:01 AM
Subject: pix 515 failover
> Hi everyone,
>
> I have a pair of PIX 515 with IOS v5.2(5). Both the primary and the
standby
> failover very frequently.
>
> a) When failover occur, the failed one reboots automatically and comes
> backup frozen. I have to manually reboot it again to make it healthy; so
> the active one has something to failover to. Otherwise, the network will
go
> down.
> b) The time for any of them to fail range from 15 minutes to 10 hours.
> c) Both of them still fail when them run solely
>
> This is what I have tried so far.
> 1. Upgrade the IOS from an older one to v5.2(5)
> 2. Changed the failover cable
> 3. Changed the ethernet cables
> 4. I replaced the original primary. When I turned it on, there was no
> traffic flow.
> 5. There was not any changes on the network itself that I know of.
> 6. I typed: 'debug fover fail' and 'debug fover switch', but I didn't see
> any errors.
> 7. I just recently turned logging on a day ago(I inherited this network),
> but I don't currently have log analyzer. Let me know if you know of a
good
> one.
> -----
> 8. In case you asked, I am try to strainghten out support issue with
Cisco.
> Currently, Cisco thinks that our maintenance expired. We purchase the
> equipments less than a year ago.
>
> If you any kind soles can shed some lights on this issue, I will greatly
> appreciate it.
>
> Larry
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
