Problem upgrade PIX Failover unit

Discussion in 'Cisco' started by Mark Green, Apr 15, 2004.

  1. Mark Green

    Mark Green Guest

    Hey,
    We use PIX-515E, Failover Only (FO) license, Version 6.3(1)

    Problem:

    We try upgrade to ver 6.3.3, (with the command "copy ftfp flash")
    then we found out the the pix can't even ping the ftfp server (192.168.60.2/24)
    I even erase the config(wr erase) and build it again this is

    what i see:
    pixfirewall(config)# sh int 2
    interface ethernet2 "gateway" is up, line protocol is up
    Hardware is i82559 ethernet, address is 0005.5d19.29d0
    IP address 192.168.60.160, subnet mask 255.255.255.0
    MTU 1500 bytes, BW 100000 Kbit half duplex
    349 packets input, 38178 bytes, 0 no buffer
    Received 349 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collisions, 0 deferred
    0 lost carrier, 0 no carrier
    input queue (curr/max blocks): hardware (128/128) software (0/1)
    output queue (curr/max blocks): hardware (0/0) software (0/0)

    notic the "0 output packets"
    I replace cable(and even connect directly with cross cable), no ping.

    any Idea ?

    BTW
    config:

    PIX Version 6.3(1)

    interface ethernet0 100full

    interface ethernet1 100full

    interface ethernet2 100full

    interface ethernet3 100full

    interface ethernet4 100full

    interface ethernet5 100full

    nameif ethernet0 outside security0

    nameif ethernet1 inside security100

    nameif ethernet2 gateway security90

    nameif ethernet3 report security80

    nameif ethernet4 dmz security70

    nameif ethernet5 sync security95

    enable password xxxx

    hostname xxx

    fixup protocol ftp 21

    fixup protocol h323 h225 1720

    fixup protocol h323 ras 1718-1719

    fixup protocol http 80

    fixup protocol ils 389

    fixup protocol rsh 514

    fixup protocol rtsp 554

    fixup protocol sip 5060

    fixup protocol sip udp 5060

    fixup protocol skinny 2000

    fixup protocol smtp 25

    fixup protocol sqlnet 1521

    names

    pager lines 24

    logging on

    mtu outside 1500

    mtu inside 1500

    mtu gateway 1500

    mtu report 1500

    mtu dmz 1500

    mtu sync 1500

    ip address outside x.x.x.101 255.255.255.192

    ip address inside x.x.x.253 255.255.255.0

    ip address gateway 192.168.60.160 255.255.255.0

    ip address re x.x.x.253 255.255.255.0

    ip address dm x.x.x.253 255.255.255.0

    ip address sync x.x.x.253 255.255.255.252

    ip audit info action alarm

    ip audit attack action alarm

    no failover

    failover timeout 0:00:00

    failover poll 15

    no failover ip address outside

    no failover ip address inside

    no failover ip address gateway

    no failover ip address report

    no failover ip address dmz

    no failover ip address sync

    pdm history enable

    arp timeout 14400

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

    timeout uauth 0:05:00 absolute

    aaa-server TACACS+ protocol tacacs+

    aaa-server RADIUS protocol radius

    aaa-server LOCAL protocol local

    no snmp-server location

    no snmp-server contact

    snmp-server community public

    no snmp-server enable traps

    floodguard enable

    telnet timeout 5

    ssh timeout 5

    console timeout 0

    terminal width 80
     
    Mark Green, Apr 15, 2004
    #1
    1. Advertisements

  2. Mark Green

    Mirek Guest

    no failover
    switch failover on. It's off -> no failover

    Mirek
     
    Mirek, Apr 15, 2004
    #2
    1. Advertisements

  3. Mark Green

    Mark Green Guest

    Got it,
    THANKS Mirek
     
    Mark Green, Apr 15, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.