https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370092#M975013 <P>Thanks Marius,</P> <P>&nbsp;</P> <P>Yes I believe the "failover lan unit secondary" was added, so unsure why we lost management access at the moment.</P> <P>&nbsp;</P> <P>So if both PRIMARY &amp; SECONDARY are active I take it when failover is turned on (#failover) then the boxes work it out between themselves using there lan unit status?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 20 Apr 2018 19:14:00 GMT marc07cisco 2018-04-20T19:14:00Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370078#M975011 <P>Hi Cisco Experts,</P> <P>&nbsp;</P> <P>We have recently replaced&nbsp;our standby ASA5520, the failover was turned off on the primary box during the replacement being fitted(this is where we think our mistake has happened!!!).</P> <P>&nbsp;</P> <P>Once we had the upgraded the standby asa to&nbsp;9.1(7.4)(same as primary). we turned the failover on the primary.</P> <P>&nbsp;</P> <P>We appear to have lost management access to the firewall, I think that the synchronised possibly from secondary&nbsp;to primary because both boxes think they are the active box. Is there another possibility? Has the cluster&nbsp; gone down because it need a box rebooting to decide which one is the active box?</P> <P>&nbsp;</P> <P>We are sending an engineer to site currently, I was going to get them to&nbsp;console in(no remote console)&nbsp;and reboot the secondary in hope that the configuration in the primary is still there.&nbsp;&nbsp;&nbsp;&nbsp;</P> Fri, 21 Feb 2020 15:39:32 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370078#M975011 marc07cisco 2020-02-21T15:39:32Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370085#M975012 <P>If you configured the replacement secondary ASA with "failover lan unit secondary" it should not have overwritten the primary.&nbsp; If this command was not added or it was configured to primary, you would have a split brain issue and it is possible that the active primary ASA configuration has been overwritten.</P> <P>&nbsp;</P> <P>I have done quite a few of these replacements and have never had to do a reboot of the ASA to get the failover up.</P> Fri, 20 Apr 2018 19:04:44 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370085#M975012 Marius Gunnerud 2018-04-20T19:04:44Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370092#M975013 <P>Thanks Marius,</P> <P>&nbsp;</P> <P>Yes I believe the "failover lan unit secondary" was added, so unsure why we lost management access at the moment.</P> <P>&nbsp;</P> <P>So if both PRIMARY &amp; SECONDARY are active I take it when failover is turned on (#failover) then the boxes work it out between themselves using there lan unit status?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 20 Apr 2018 19:14:00 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370092#M975013 marc07cisco 2018-04-20T19:14:00Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370096#M975014 <P><EM>So if both PRIMARY &amp; SECONDARY are active I take it when failover is turned on (#failover) then the boxes work it out between themselves using there lan unit status?</EM></P> <P>The ASA that is the current active primary will remain as the primary until a failover situation occurs or manually changed.</P> <P>You could issue the "show failover", "show failover history" and "show failover status" for more information.</P> <P>&nbsp;</P> <P>Another possibility is that this is an ARP issue on the next hop device.</P> Fri, 20 Apr 2018 19:19:51 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370096#M975014 Marius Gunnerud 2018-04-20T19:19:51Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370931#M975015 Did you find out what actually happen? Mon, 23 Apr 2018 08:36:11 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370931#M975015 Florin Barhala 2018-04-23T08:36:11Z https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370941#M975016 Hi Florin,<BR /><BR />Not yet, we are hoping to get somone to site today to check. I will update the chat once we<BR />Jave found out thanks<BR /> Mon, 23 Apr 2018 08:40:03 GMT https://community.cisco.com/t5/network-security/failover-sync-issue/m-p/3370941#M975016 marc07cisco 2018-04-23T08:40:03Z