https://community.cisco.com/t5/network-security/2130-asa-mode-management-interface-failover-problem/m-p/3886783#M25305 <P>Only data path interfaces should be setup with standby addresses.</P> <P>Your ASA management1/1 addresses should not be included in the failover setup. Each management interface should have a unique IP address (and MAC address when using locally administered addresses such as you are using).</P> <P>When a unit changes role, the management interface address will remain the same.&nbsp;</P> Tue, 09 Jul 2019 05:56:20 GMT Marvin Rhoads 2019-07-09T05:56:20Z https://community.cisco.com/t5/network-security/2130-asa-mode-management-interface-failover-problem/m-p/3886566#M25303 <P>I have an Active/Standby pair of 2130 appliances that is having a problem with the management interfaces when failing over from the primary to the secondary. When failover is invoked, the IP Address of the primary does not move to the standby and is unreachable. When I console into the primary 2130, it is up and functioning as the primary, but cannot access via ssh. When the secondary comes back (was intially the primary and now the secondary) I can ssh to the standby IP Address, but not the primary IP Address. Wondering if anyone else has experienced this also?&nbsp;</P><P>&nbsp;</P><P>This is how I have the management interfaces and failover configured.&nbsp;</P><P>&nbsp;</P><P>PRIMARY 2130<BR />interface Management1/1<BR />management-only<BR />mac-address 12ff.0000.0005 standby 12ff.0000.0006<BR />nameif management<BR />security-level 100<BR />ip address 192.168.1.10 255.255.255.0 standby 168.192.1.11</P><P>route management 0.0.0.0 0.0.0.0 192.1168.1.1 1</P><P>failover<BR />failover lan unit primary<BR />failover lan interface FAILOVER Port-channel3<BR />failover polltime unit 1 holdtime 3<BR />failover polltime interface 3 holdtime 15<BR />failover replication http<BR />failover link FAILOVER Port-channel3<BR />failover interface ip FAILOVER 1.1.1.1 255.255.255.252 standby 1.1.1.2</P><P><BR />SECONDARY 2130<BR />interface Management1/1<BR />management-only<BR />mac-address 12ff.0000.0005 standby 12ff.0000.0006<BR />nameif management<BR />ip address 192.168.1.10 255.255.255.0 standby 168.192.1.11</P><P>route management 0.0.0.0 0.0.0.0 192.1168.1.1 1</P><P>failover<BR />failover lan unit secondary<BR />failover lan interface FAILOVER Port-channel3<BR />failover polltime unit 1 holdtime 3<BR />failover polltime interface 3 holdtime 15<BR />failover replication http<BR />failover link FAILOVER Port-channel3<BR />failover interface ip FAILOVER 1.1.1.1 255.255.255.252 standby 1.1.1.2</P><P>&nbsp;</P> Mon, 08 Jul 2019 19:12:31 GMT https://community.cisco.com/t5/network-security/2130-asa-mode-management-interface-failover-problem/m-p/3886566#M25303 MARTIN HUERTER 2019-07-08T19:12:31Z https://community.cisco.com/t5/network-security/2130-asa-mode-management-interface-failover-problem/m-p/3886783#M25305 <P>Only data path interfaces should be setup with standby addresses.</P> <P>Your ASA management1/1 addresses should not be included in the failover setup. Each management interface should have a unique IP address (and MAC address when using locally administered addresses such as you are using).</P> <P>When a unit changes role, the management interface address will remain the same.&nbsp;</P> Tue, 09 Jul 2019 05:56:20 GMT https://community.cisco.com/t5/network-security/2130-asa-mode-management-interface-failover-problem/m-p/3886783#M25305 Marvin Rhoads 2019-07-09T05:56:20Z