Firewall Wizards mailing list archives
Re: Question on PIX replication
From: "Farrukh Haroon" <farrukhharoon () gmail com>
Date: Sat, 6 Sep 2008 13:07:28 +0300
This happened to me while working for one customer. It appeared to be a combination of failover link problems and perhaps even a software bug. I had to clear both boxes (write erase) and reload the configurations. You can run the 'debug fover ...' commands to get more meaningful results as to what exactly is going wrong. (But please be careful on a production environment with regards to turning on debugs) Regards Farrukh On Wed, Aug 20, 2008 at 11:23 PM, Steven Pfister <SPfister () dps k12 oh us>wrote:
I've got a pair of PIX 525 in an active/standby configuration. I recently made some fairly large configuration changes to the active pix. Ever since then, I'm getting some errors when writing the config to the standby unit. The error looks something like: "At <date/time>, this active PIX was sending it configuration to the standby PIX and would not properly accept configuration changes. After this PIX notifies ASDM that configuration synchronization is complete, ASDM will send the current configuration changes. Send configuration to the PIX now anyway rather than waiting?" If I answer Send, I get another dialog which contains "write standby" and "Config replication in progress... Please try later." There seems to have been a failover to the secondary unit, and the primary unit is in a state called "sync config". On the primary, all the interfaces are down/up and seem to have the same ip addresses as the secondary (which is now the active unit). Is this normal for the state it's in, or are the interfaces down because of ip address conflicts? How can I best get the standby pix back in sync with the active one? Thanks! --Steve Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfister () dps k12 oh us _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Question on PIX replication Steven Pfister (Sep 03)
- Re: Question on PIX replication Christopher J. Wargaski (Sep 04)
- Re: Question on PIX replication Farrukh Haroon (Sep 10)