Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Active unit and PDM warning replication message

Active unit and PDM warning replication message 9 years 7 months ago #19748

  • zillah
  • zillah's Avatar
  • Offline
  • Frequent Member
  • Posts: 79
  • Karma: 0
I have got two PIXs, Primary and Secondary

Primary (192.168.100.1) is Standby
Secondary (192.168.100.2) is Active

When I try to access the PDM from primary (Standby) I could not, but I was able to access PDM for Secondary (Active)

Secondary’s PDM Tools --> Command Line Interface --> config terminal,,,,I received this error message
[code:1]
Result of firewall command: "config ter"

**** WARNING ***
Configuration Replication is NOT performed from Standby unit to Active unit.
Configurations are no longer synchronized.
[/code:1]

1- In the above message why it says Standby unit ?, while I have issued the command (config terminal ) within Active unit, not Standby unit

2- How can I find user privilege level from within PDM ?
The administrator has disabled public write access.

Re: Active unit and PDM warning replication message 9 years 7 months ago #19754

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Sounds like the Pix's have failed over and now the Secondary Unit is talking the active role. In a Standby/Active config, you can only make configuration changes on the Active Pix, which then syncronises to the Standby Pix automatically (or if you type write standby which then forces the configs to sync).

You can manually fail the units back by typing from the command prompt on the Active Pix

[code:1]no failover active[/code:1]

This should then get the roles to the correct place.

Hope it helps ya
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Active unit and PDM warning replication message 9 years 7 months ago #19756

  • zillah
  • zillah's Avatar
  • Offline
  • Frequent Member
  • Posts: 79
  • Karma: 0
In a Standby/Active config, you can only make configuration changes on the Active Pix,
But I am doing the configuration on the Active PIX, though it is the Secondary one,,,,shouldn't secondary PIX be able to write configuration to the primary one , by using this command : write standby , since secondary is active in my situation ?
2- How can I find user privilege level from within PDM ?
The administrator has disabled public write access.

Re: Active unit and PDM warning replication message 9 years 7 months ago #19758

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
When I try to access the PDM from primary (Standby) I could not, but I was able to access PDM for Secondary (Active)

Sorry, i was going off this statement.

I have no answer to the 2nd point as i don't use the PDM, its command line all the way for me so i cannot help any further.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Active unit and PDM warning replication message 9 years 7 months ago #19787

  • d_jabsd
  • d_jabsd's Avatar
  • Offline
  • Distinguished Member
  • Posts: 153
  • Karma: 0
When the pixes failover, their IPs go with them, so if your 'secondary' is active, it will have the 'primary' ip address.

You never want to manage the devices with the standby IP address.

It doesn't matter which physical device is active, you always use the active IP address.
The administrator has disabled public write access.

Re: Active unit and PDM warning replication message 9 years 7 months ago #19789

  • zillah
  • zillah's Avatar
  • Offline
  • Frequent Member
  • Posts: 79
  • Karma: 0
When the pixes failover, their IPs go with them, so if your 'secondary' is active, it will have the 'primary' ip address.
That is fines.
In my case Primary device ip address 192.168.100.1
Secondary device ip address 192.168.100.2

Now when the primary pix failed (moved to standby mode) that means the secondary became active with ip address 192.168.100.1
You never want to manage the devices with the standby IP address.
In my case I tried to manage the Secondary-Active device, not standby one
It doesn't matter which physical device is active, you always use the active IP address.
This is what I did as well,I used the Active Device, not the standby one.

I hope I understood you

Regards
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.087 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup