https://community.cisco.com/t5/network-security/asa5585-x-ssp40-failover-problem/m-p/3080723#M135098 <P>I have recently implemented ASA5585-X SFR SSP40 failover. Failover is up interfaces are monitored and configuration is replication and syncing from active to standby pair. Connectivity to core switch Cisco&nbsp;6807-XL which is VSS&nbsp;pair is as following;&nbsp;</P> <P>Firewall#1</P> <P>Firewall#1: Port Ten0/6 connected to Ten1/2/17 Core1 (Inside Port-channel)</P> <P><SPAN>Firewall#1: Port Ten0/7 connected to Ten2/2/17 Core2&nbsp;(Inside Port-channel)</SPAN></P> <P><SPAN>Firewall#1: Port Ten0/8 connected to Ten1/2/19 Core1 (Outside Interface)</SPAN></P> <P><SPAN>Firewall#1: Port Ten0/9 connected to Ten0/9 Firewall2 (Ten0/9.1 LAN Failover, Ten0/9.2 Stateful Failover)&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P>Firewall#2</P> <P>Firewall#2: Port Ten0/6 connected to Ten2/2/20 Core2 (Inside Port-channel)</P> <P><SPAN>Firewall#2: Port Ten0/7 connected to Ten1/2/20 Core1 (Inside Port-channel)</SPAN></P> <P><SPAN>Firewall#2: Port Ten0/8 connected to Ten2/2/19 Core2 (Outside Interface)</SPAN></P> <P><SPAN>Firewall#2: Port Ten0/9 connected to Ten0/9 Firewall2 (Ten0/9.1 LAN Failover, Ten0/9.2 Stateful Failover)&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>We are running <G class="gr_ gr_1739 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="1739" data-gr-id="1739">ospf</G>&nbsp;on core switches and ASA Firewall outside interfaces Ten0/8 on both firewalls are also configured in <G class="gr_ gr_2129 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2129" data-gr-id="2129">ospf</G>.&nbsp;</SPAN></P> <P>Firewall1 is primary and Firewall2 is the secondary pair in failover.&nbsp;</P> <P>When Primary firewall is active <G class="gr_ gr_2223 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2223" data-gr-id="2223">ospf</G>&nbsp;neighborship goes as well as I can not ping the subinterfaces created under inside interface port-channel</P> <P>when I make my secondary firewall as active <G class="gr_ gr_2309 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2309" data-gr-id="2309">ospf</G>&nbsp;neighborship comes up and also I'm able to ping subinterfaces created for my inside networks.&nbsp;</P> <P>What could be the problem, is it something to do with port-channel configuration or failover configuration.&nbsp;</P> <P>Thank you all in advance for kind response.</P> <P>Regards,</P> <P>Asad.</P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 09:26:47 GMT Atasawar1 2019-03-12T09:26:47Z https://community.cisco.com/t5/network-security/asa5585-x-ssp40-failover-problem/m-p/3080723#M135098 <P>I have recently implemented ASA5585-X SFR SSP40 failover. Failover is up interfaces are monitored and configuration is replication and syncing from active to standby pair. Connectivity to core switch Cisco&nbsp;6807-XL which is VSS&nbsp;pair is as following;&nbsp;</P> <P>Firewall#1</P> <P>Firewall#1: Port Ten0/6 connected to Ten1/2/17 Core1 (Inside Port-channel)</P> <P><SPAN>Firewall#1: Port Ten0/7 connected to Ten2/2/17 Core2&nbsp;(Inside Port-channel)</SPAN></P> <P><SPAN>Firewall#1: Port Ten0/8 connected to Ten1/2/19 Core1 (Outside Interface)</SPAN></P> <P><SPAN>Firewall#1: Port Ten0/9 connected to Ten0/9 Firewall2 (Ten0/9.1 LAN Failover, Ten0/9.2 Stateful Failover)&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P>Firewall#2</P> <P>Firewall#2: Port Ten0/6 connected to Ten2/2/20 Core2 (Inside Port-channel)</P> <P><SPAN>Firewall#2: Port Ten0/7 connected to Ten1/2/20 Core1 (Inside Port-channel)</SPAN></P> <P><SPAN>Firewall#2: Port Ten0/8 connected to Ten2/2/19 Core2 (Outside Interface)</SPAN></P> <P><SPAN>Firewall#2: Port Ten0/9 connected to Ten0/9 Firewall2 (Ten0/9.1 LAN Failover, Ten0/9.2 Stateful Failover)&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>We are running <G class="gr_ gr_1739 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="1739" data-gr-id="1739">ospf</G>&nbsp;on core switches and ASA Firewall outside interfaces Ten0/8 on both firewalls are also configured in <G class="gr_ gr_2129 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2129" data-gr-id="2129">ospf</G>.&nbsp;</SPAN></P> <P>Firewall1 is primary and Firewall2 is the secondary pair in failover.&nbsp;</P> <P>When Primary firewall is active <G class="gr_ gr_2223 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2223" data-gr-id="2223">ospf</G>&nbsp;neighborship goes as well as I can not ping the subinterfaces created under inside interface port-channel</P> <P>when I make my secondary firewall as active <G class="gr_ gr_2309 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="2309" data-gr-id="2309">ospf</G>&nbsp;neighborship comes up and also I'm able to ping subinterfaces created for my inside networks.&nbsp;</P> <P>What could be the problem, is it something to do with port-channel configuration or failover configuration.&nbsp;</P> <P>Thank you all in advance for kind response.</P> <P>Regards,</P> <P>Asad.</P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 09:26:47 GMT https://community.cisco.com/t5/network-security/asa5585-x-ssp40-failover-problem/m-p/3080723#M135098 Atasawar1 2019-03-12T09:26:47Z https://community.cisco.com/t5/network-security/asa5585-x-ssp40-failover-problem/m-p/3080724#M135099 <P>This is to inform you all if someone wonders that what happened to above-mentioned problem.</P> <P>There are four ports connecting to core switches from firewalls. I created single port-channel for all four interfaces connecting to all four interfaces two each to respective firewalls and I was facing above mentioned problem but as soon as I created two port-channels for each two interfaces connecting to the respective firewall, everything came up and running. And life is good now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P></P> Thu, 01 Jun 2017 18:07:14 GMT https://community.cisco.com/t5/network-security/asa5585-x-ssp40-failover-problem/m-p/3080724#M135099 Atasawar1 2017-06-01T18:07:14Z