Cisco Firewall :: PIX 525 / Failover And Import Configuration?

Mar 27, 2011

I have 2 PIX 525, which one of them, step and active failover mode the other PIX 525, leaving this off, do not know what happened may have been a power outage, but in any case I can turn it back on? And the other question I have is if I can import a configuration that I have saved on my computer. i have the PIX device manager.

View 11 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5550 - Failover Is Not Replicating Configuration

Nov 11, 2012

I discover an issue with my CISCO ASA 5550 because I'm looking at the vlans that I have configured and some vlans on the Stand by device had not an IP address configured, checking the configuration of the failover

View 2 Replies View Related

Cisco Firewall :: 8.0.4 / ASA Failover Configuration Sync Infinite Time

Nov 15, 2011

We have ASA running code 8.0.4 with Active/Standby for quite long time. Today when we gave the command wri standby it started sync the config to standby ASA but waited forever.when we checked the show failover, we got the following result.
 
This host: Secondary - Active
Active time: 1928633 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)
Interface PERIMETER-MGMT (10.12.8.1): Normal (Not-Monitored)
Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)

[code].....

When we console to Standby ASA and tried to save (wri mem), we  got the following error and also please note the hostname has become default...?

ciscoasa(config)# wri memory
Building configuration...
Command Ignored, Configuration in progress...
[FAILED]
 
and when we tried to give following command we got this error:

ciscoasa(config)# copy running-config startup-config
Source filename [running-config]?
%Error reading system:/running-config (Configuration temporarily locked)
ciscoasa(config)#
 
I see here the standby ASA IPS module is down, but can that issue cause not sync the config backup and writing to nvram (save config)..?

View 1 Replies View Related

Cisco Firewall :: 5540 - Active / Standby ASA Failover Configuration Changes?

May 15, 2011

I have 2 ASA 5540s ver 8.3 in Active/Standby state.I am considering a future hypothetical situation where I might need to rename interfaces or reallocate redundant interface groups.  Doing so obviously has a major impact on the current primary configuration.  My goal would be to minimize or eliminate network downtime during the interface changes.
 
I am wondering if it is possible to force the secondary ASA from the standby to active state.Then temporarily disable failover on the primary unit.Make the interface changes on the primary unit Then reactivate failover on the primary unit Force the primary unit back to active and secondary unit to standby My new interface configuration would then sync from the primary to the secondary.
 
I believe this would work but must ensure that the secondary ASA can function as the active unit while the failover is disabled on the primary unit.  Is there a set length of time the secondary unit can remain active without a failover peer?
 
see issues with operating the secondary unit in this manner while making changes to the primary unit?

View 1 Replies View Related

Cisco Firewall :: 5510 Setup In Active / Standby Failover Configuration

May 8, 2012

We have 2 ASA 5510's setup in an active, standby failover configuration. When the primary fails over to standby, the 3rd party cert does not failover to the standby ASA. The users then receive the CERT missing, invalid message and have to select yes, no to move on. This does not occur when the primary is not in failover mode. It is my understanding that failover fails over certs but in our case it does not apper to be working correctly.

View 1 Replies View Related

Cisco Firewall :: 3750s / Trigger Failover Without Standby Address Configuration?

Nov 13, 2012

I am trying to establish EIGRP neighborships with my inside switches (3750s) over the "Internal" interface, shown in green. The outside interface is g0/0 and don't worry, I've ensured EIGRP is not running there.The problem I'm having is that I need to monitor the "Internal" link so that if it goes down, the ASA triggers the failover to the secondary firewall connected to the other switch. I was told that the "secondary" keyword was what enabled this:
 
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address 10.10.2.2 255.255.255.0 standby 10.10.2.3
 
This is fine since I am able to compare this config to the firewalls that are currently in production elsewhere in the environment and this is what's in use there. However, in order to run EIGRP all the way to the firewall and not rely on something else like HSRP for the inbound traffic, I'd like to run the corresponding links (Gi1/0/22) on the inside switches as routed ports (no switchport) so that I don't have to establish neighborships with SVIs or something like that. I want the routing to be done directly to the port, leaving the interfaces for failover and our DMZ set up as switchports, since those can be layer 2.It's saying the Internal interface has failed now, probably because it cannot send hellos through this, since it's a routed port on the switch side. I'm wondering if this simply is an impossible design, unless there's a way to track this interface and trigger a failover if it goes down using another method.a method that allows me to track that internal interface (Gi0/1) and trigger a failover if it goes down.

View 1 Replies View Related

Cisco Firewall :: Adding Failover ASA 5510 Back After Configuration Changes On Primary

Nov 28, 2012

I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time.  Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer.  I disconnected the failover cable because it was complaining about version mismatches constantly.
 
Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?

View 6 Replies View Related

Cisco Wireless :: How To Import Configuration From 4404WLC To WLC5508

Feb 3, 2012

In one week I need to import the config from my 4404 WLC to my new 5508, then I just want to change the mgnt IP address of the 5508 and then bring it into the same mobility group.How do I import the config when the 5508 is straight out of the box?

View 13 Replies View Related

Cisco Firewall :: Import ASA 5550 8.2 (5) In CSM Version 3.3.1?

Feb 14, 2012

if i can import an ASA 5550 8.2(5) in CSM version 3.3.1?

View 2 Replies View Related

Cisco VPN :: VPN Failover Configuration In 2851

Aug 29, 2010

I have a Cisco 2851 (c2800nm-advipservicesk9-mz.124-25d.bin) Router configured with one site-to-site vpn. Is it possible to configure a failover vpn tunnel on this router?

View 8 Replies View Related

Cisco WAN :: Dual ISP Failover Configuration 891W?

Apr 18, 2012

What I currently have is a Cisco 891W Router as well as two ISP's (both with dynamic IP's) in.  I'm currently just running one of my modems into the 891 through the FE8 port and then if for some reason I have an internet failure switching the ISP modems.  What I'm wondering is if there is a fairly simple way to configure (and attach) both modems to this router and then set it up to handle this failover automatically?

View 1 Replies View Related

Cisco WAN :: 2811 Configuration Of BGP For Two ISPs For Link Failover

Nov 1, 2011

does cisco 2811 support?if no, can i make it work for BGP?also, i want to know the configuration of bGP for twoo ISPs for link failover.it will be google if u tell me step by step approach for configuring it

View 1 Replies View Related

Cisco WAN :: 1921 / Internet Failover Sample Configuration

Sep 22, 2011

sample configuration for internet failover . i  have 2 ISPs with one coming in thought a serial cable and another through internet and would wish one take over after the other has failed .The router is Cisco 1921 .

View 4 Replies View Related

Cisco WAN :: ASA5505 - Seeking Failover To WWAN Configuration Specifics?

Oct 17, 2011

Client has an ASA5505 anchoring an MPLS network. One of their branch offices is experiencing frequent circuit outages due to theft of copper lines. I am looking at an 881G with wireless aircard as a backup solution and creating a VPN tunnel to the ASA but am unsure about how to handle routing on the ASA. There will already be a route for the branch subnet for the MPLS network.

View 2 Replies View Related

Cisco Switching/Routing :: Catalyst 3750 Failover Configuration

Jul 16, 2012

Our servers are hosted at the Main site, site office A access to the Main site for Internet and servers. We are thinking NextG to take over when the link between sites goes down.
 
To start with, what is the configuration for 3750 at Site A and the Main site:

1) Trunking for both switches

2) Routing

3) the automatic failover configuration for the switch at Site A.

View 1 Replies View Related

Cisco Firewall :: Import PIX 515E 6.3(5) Config Into New PIX 515E 8.0?

Aug 22, 2011

I need to redo the configuration on the new one?

View 11 Replies View Related

Cisco Switching/Routing :: 6509 SUP720-3B / Dual Link With Failover And Redundant Configuration?

Feb 24, 2013

I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.

Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2?  or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
 
sup-bootflash:s72033-pk9sv-mz.122-18.SXD7b.bin"

View 4 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: Failover With PIX 525

Nov 10, 2011

I got PIX 525 with failover. Due to power issue one Unit was offline for a while. During this time couple of changes was done on the Firewall.

Which Unit becomes active when I plug the Firewall unit which was offline for a while now. Each Unit has 4 Ethernet Connection
E 0/0 - connects ISP Router
E 0/1 - connects to Lan switch
E 1/0 - connects to DMZ port
E 2/0 - connects to failover unit PIX

View 4 Replies View Related

Cisco :: Failover Configuration - Allow Primary Link To Fail And Secondary Link To Automatically Pick Up Traffic?

Dec 27, 2012

We have a customer who has a network consisting of two ISPs, one as a primary and the other as a backup. We are trying to create a configuration that would allow the primary link to fail and the secondary link to automatically pick up traffic and begin routing .how to set something like this up. Both routers are non Cisco routers and there for HSRP is out.

View 14 Replies View Related

Cisco Firewall :: ASA 5520 With Failover NAT With Two ISP?

Jun 20, 2011

Currently we have one ISP1 and all traffic goes to this way. Suppose our isp1 goes down, our outside user cant get the server. All servers are nated to this ISP1.We planned to purchase a another ISP2. Shall we Configure same inside server to map this ISP2? so that one primary ISP1 goes down it will take place the outside trafficISP2.

View 1 Replies View Related

Cisco Firewall :: How To Configure ASA Failover For 8.4

Nov 23, 2011

How to configure ASA failover for 8.4.

View 1 Replies View Related

Cisco Firewall :: Pix 525 Cluster Failover?

May 23, 2011

a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover. the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened. the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Failover With SLA?

Jul 19, 2011

Is it possible to setup 2 x Cisco ASA 5520 that are in an Active/Standby failover using sla monitoring?
 
For example ASA1 outside interface connects to an upstream switch and you setup sla monitor with icmp echo to ping that switch. The switch goes down and you need the other ASA2 to become the Active ASA. Can the sla monitor be automatically integrated with the failover commands for this to happen?

View 5 Replies View Related

Cisco Firewall :: ASA 5505 VPN Failover Over WAN?

Oct 9, 2011

I have a ASA 5505 which is connected to a remote site which also has a ASA 5505 over a L2L VPN tunel. One of the sites has a WAN failover configured with two ISP which is working successfully.
 
But, when the WAN connection fails over to the backup connection the VPN link breaks as the peer site IP address has changed and the VPN can not establish a connection.
 
Would it be possible to configure a VPN failover so that when the connection failovers so will the VPN tunnel?

View 6 Replies View Related

Cisco Firewall :: Failover With Asa 5505

Jun 20, 2011

There are 2x Cisco ASA 5505 in an active/standby failover config.  The primary asa 5505 has been reset and the secondary is now running as active.  I would like to reintroduce the primary again but need to know how to do this.
 
Ideally I would like to remove the failover config and start from scratch.  Do I just need to enter the following to disable failover on the active secondary box?
 
no failover
no failover lan unit secondary
no failover lan interface failover Vlan999
no failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

View 2 Replies View Related

Cisco Firewall :: ASA 5585 HA Failover?

Sep 24, 2012

I have a pair of ASA 5585 configured with 2 contexts, C1 & C2, C1 is active on ASA-1 & C2 is active on ASA-2 i did failover test, ping was initiated to host residing behind ASA-1 in context C1 i  powered of ASA-1 then both context became active on ASA-2, however during this failover.i saw 4 ping packets drop..

View 3 Replies View Related

Cisco Firewall :: ASA 5510 ISP Failover

May 31, 2011

Configured ASA 5510 ISP failover and working fine.My ASA as configured as DHCP server also. So its serves IP addressing details including mask,default-gateway, DNS server IPs.Here my issue is whenever my ISP failover occurs my ASA sends previous ISP DNS server IPs to my inside clients.
 
Here i like to configure my ASA to serve IP addresses dynamically.Or is there any global DNS IP addresses which will work for all ISPs?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 ISP Failover?

Feb 17, 2013

So we currently have a T1 connection at our location. We were looking to add a high speed cable internet and add an ASA 5505 with Security plus license to do failover between the two. I have found a few examples on how this would work but curious about a couple things.
 
We would want the Cable to be the primary, T1 as a backup.Currently the IAD that handles our T1 does dhcp, dns, and NAT.. Who/what would handle these items with the setup above?

View 5 Replies View Related

Cisco :: IOS Zone - Firewall Stateful Failover?

Aug 3, 2011

I've seen you can configure stateful failover between two routers running ip inspect classic firewall: url...Can the same be done yet for zone-firewall? I cannot find any documentation on it.

View 1 Replies View Related

Cisco Firewall :: Getting Failover Working Again After Upgrade From 8.2.2 To 8.4.2

Sep 6, 2011

When we had 8.2.2, we bought a Mobile license to make the iPads running AnyConnect happy. I applied it, but since we'd only purchased one license, it broke failover.  8.4 lets you share tracking licenses, and since we were planning on the upgrade to 8.4.x anyway, I figured no big deal, I'll get that straightened out when I do the upgrade.
 
Did the upgrade this weekend, and I still can't get things happy, the boxes don't see one-another:
  
Here's a show failover on the primary:
 
Failover OnFailover unit PrimaryFailover LAN Interface: failover GigabitEthernet0/3 (up)Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1Monitored Interfaces 6 of 160

[Code].....

View 3 Replies View Related

Cisco Firewall :: Cannot Activate Failover On Asa 5580

Sep 27, 2011

I got a problem with a cisco asa 5580 like two days ago and the device stop working (there was a mainteinance window and after that the device didn't work). Now we receive the RMA and we are trying to configure the failover so the new device get the configuration form the one that is working.
 
But this is the message that I gettin:
 
Failover message decryption failure. Please make sure both units have the same failover shared key and crypto license or system is not out of memory
 
We already changed the shared key and crypto license but the failover is still down, what are the features that the cisco need to activate to enable the failover?

View 5 Replies View Related

Cisco Firewall :: ASA 5510 Failover With IP SLA Monitor?

Nov 28, 2011

Can I run Cisco ASA failover with dual ISP run active/standby configuration and SLA monitor to monitor the primary ISP gateway and failover to the secondary gateway but not failover to the failover firewall unless an actual event occurred that required a ASA failover?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved