Re: PIX DHCP/Failover boot issue
From: Router Man (route_man89@hotmail.com)
Date: 01/20/03
- Next message: Felix Zaslavskiy: "Re: unautherized access to unix systems?"
- Previous message: User Vatazhka: "Re: sfill tool fails with filesize limit exceeded"
- In reply to: rrbrown: "PIX DHCP/Failover boot issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Router Man" <route_man89@hotmail.com> Date: Mon, 20 Jan 2003 04:04:01 GMT
The first thing that I would do is get it to 6.2 code, that may help you.
Pull down a sample config from a 501, it does DHCP out of the box and works
well. I do not see amything in your config that tells me failover is
active. Try the code upgrade and see if that works, the check on of the 501
DHCP config examples on the web site to check your config.
-D
"rrbrown" <phusnikn@cynikal.net> wrote in message
news:zBCW9.34159$Oj7.7682024@twister.nyc.rr.com...
> I have a PIX 525 with no failover I have configured my outside interface
for
> dhcp when boot I'm unable to pick up an address from my ISP I get the
> following message
>
> dhcp client start discover: wait until failover switch to active
> DHCP command failed
> pix>
>
> but the werid part is if I set the configs manually using ip address
outside
> dhcp setroute
>
> pix# conf t
> pix(config)# ip address outside dhcp setroute
> ....
> Allocated IP address = 10.0.0.27, netmask = 255.255.255.0, gateway =
> 10.0.0.2
> pix(config)#
>
>
> Now my question I dont have a PIX failover unit how do I make it stop
trying
> to make the failover active and breaking dhcp. here is my config I
explictly
> set no failover but it seems to have no effect.
>
> Here is my config.
>
>
> PIX Version 5.2(6)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password tizXn.s9DzyE9u3g encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname garrypix
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> names
> pager lines 24
> logging on
> no logging timestamp
> no logging standby
> no logging console
> no logging monitor
> no logging buffered
> no logging trap
> no logging history
> logging facility 20
> logging queue 512
> interface ethernet0 auto
> interface ethernet1 auto
> mtu outside 1500
> mtu inside 1500
> ip address outside dhcp setroute
> ip address inside 10.20.0.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> arp timeout 14400
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
> 0:05:00 si
> p 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> no sysopt route dnat
> isakmp identity hostname
> telnet timeout 5
> ssh timeout 5
> dhcpd address 10.20.0.2-10.20.0.2 inside
> dhcpd dns 24.29.99.81 24.29.99.82
> dhcpd lease 3600
> terminal width 80
> Cryptochecksum:fcaa117ca6b97c1f8d0572581a802db5
>
> --
> echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc
>
>
- Next message: Felix Zaslavskiy: "Re: unautherized access to unix systems?"
- Previous message: User Vatazhka: "Re: sfill tool fails with filesize limit exceeded"
- In reply to: rrbrown: "PIX DHCP/Failover boot issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
