Firewall Wizards mailing list archives
Re: Question on PIX replication
From: "Christopher J. Wargaski" <wargo1 () gmail com>
Date: Thu, 4 Sep 2008 00:21:06 -0500
Hey Steve-- I haven't seen this one before, but be prepared to make those configuration changes again. I would try the following: 1a) power cycle the PIX that is in standby mode 1b) do a write standby 2a) failing 1, try a manual fail-back to the primary unit 2b) see if your running config looks as it should 2c) turn off the secondary unit 2d) apply configuration changes if necessary 2e) write mem 2f) turn on secondary unit 2g) write standby On Wed, Aug 20, 2008 at 3:23 PM, Steven Pfister <SPfister () dps k12 oh us>wrote:
I've got a pair of PIX 525 in an active/standby configuration. I recently made some fairly large configuration changes to the active pix. Ever since then, I'm getting some errors when writing the config to the standby unit. The error looks something like: "At <date/time>, this active PIX was sending it configuration to the standby PIX and would not properly accept configuration changes. After this PIX notifies ASDM that configuration synchronization is complete, ASDM will send the current configuration changes. Send configuration to the PIX now anyway rather than waiting?" If I answer Send, I get another dialog which contains "write standby" and "Config replication in progress... Please try later." There seems to have been a failover to the secondary unit, and the primary unit is in a state called "sync config". On the primary, all the interfaces are down/up and seem to have the same ip addresses as the secondary (which is now the active unit). Is this normal for the state it's in, or are the interfaces down because of ip address conflicts? How can I best get the standby pix back in sync with the active one? Thanks! --Steve Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfister () dps k12 oh us _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Question on PIX replication Steven Pfister (Sep 03)
- Re: Question on PIX replication Christopher J. Wargaski (Sep 04)
- Re: Question on PIX replication Farrukh Haroon (Sep 10)