cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


212
Views
0
Helpful
5
Replies
Beginner

ASA 5525 Failover issue

Hi,

I am facing an Active/active failover problem 
model ASA 5525
system image: asa922-4-SMP-k8.bin
ASDM: 7.2(2)1

both firewall configuration matched. and interface showing up. but failover is not working.

any one help this..

 

5 REPLIES 5
Highlighted
Contributor

Re: ASA 5525 Failover issue

Here is a link to a document showing the configuration.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ha_active_standby.pdf

Here is a configuration example.

Primary - ASA
failover
failover lan unit primary
failover lan interface Failover Ethernet1/8
failover link Failover Ethernet1/8
failover interface ip Failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
Secondary - ASA
failover
failover lan unit secondary
failover lan interface Failover Ethernet1/8
failover link Failover Ethernet1/8
failover interface ip Failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
 
Can you provide your configuration?
Frequent Contributor

Re: ASA 5525 Failover issue

It looks like you may be monitoring the SFR/IPS module as part of the failover, which has failed on the primary firewall. It is in recover mode.

If you provide the output of 

Show run all monitor-interface

If you see the module as being monitored, just negate it with the no command until you figure out what is wrong with the module. This will at least get your failover working. 

Rising star

Re: ASA 5525 Failover issue

just to add what @GRANT3779  said.

 

he is right follow his instruction. moreover, it seems your SFR could be problemetic. might you need to re-image this module. however, recover should come in to state as UP/UP. otherwise, do some test no sucess than reimage this.

please do not forget to rate.
Beginner

Re: ASA 5525 Failover issue

We not using IPS module. Both firewalls is up. but failover not happened where is primary down.

 

 

Frequent Contributor

Re: ASA 5525 Failover issue

What is the Output from 

show run all monitor-interface