ASA Failover setup

BILL DUNN — Tue, 12 Mar 2019 06:07:27 GMT

I am trying to setup a pair of ASA5510's in an active/passive failover. When I issue the failover command from the secondary 5510 I see these messages

Detected an Active mate

Beginning configuration replication from mate.

Warning: no actions specified. All actions disabled.

End configuration replication from mate.

When I use "show failover | include host" I see this

This host: Secondary - Failed

Other host: Primary - Active

The secondary node seems to have all the configuration from the primary. At the time the primary had a few VPN connections active. Those too seemed to be reflected on the secondary. I think the status of the secondary node needs to be "Standby Ready". Can anyone tell me where I went wrong or how to troubleshoot this?

e0/0 is the outside interface

e0/1 is the inside interface

e0/2 and e0/3 are the common ports

Below are the commands I used to setup failover on the two nodes. Outside IP addresses are fictional.

On Primary node

interface Ethernet0/0

mac-address 0003.000b.0001 standby 0003.000b.0002

nameif outside

security-level 0

ip address 18.174.151.249 255.255.255.0 standby 18.174.151.152

interface Ethernet0/1

mac-address 0003.000a.0001 standby 0003.000a.0002

nameif inside

security-level 100

ip address 172.16.190.249 255.255.255.0 standby 172.16.190.149

interface Redundant1

description LAN/STATE Failover Interface

member-interface Ethernet0/2

member-interface Ethernet0/3

failover

failover lan unit primary

failover lan interface FailoverLink Redundant1

failover polltime unit msec 200 holdtime msec 800

failover polltime interface msec 500 holdtime 5

failover link FailoverLink Redundant1

failover interface ip FailoverLink 192.168.168.173 255.255.255.252 standby 192.168.168.174

On Secondary Node

Interface e0/2

No shut

Interface e0/3

No shut

Interface Redundant 1

Member-interface et 0/2

Member-interface et 0/3

Failover lan unit secondary

Failover lan interface FailoverLink Redundant1

failover interface ip FailoverLink 192.168.168.173 255.255.255.252 standby 192.168.168.174

failover

Hi,I think possibly

Vibhor Amrodia — Tue, 16 Jun 2015 13:30:26 GMT

Hi,

I think possibly monitoring on one of the Data interfaces on this Ha are failing.

Check "show failover state" to find the interface which is failing.

Also , as you are using the redundant interface for failover , use a switch for connecting the failover interface.

Thanks and Regards,

Vibhor Amrodia

topic ASA Failover setup in Network Security

ASA Failover setup

Hi,I think possibly