cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


179
Views
0
Helpful
3
Replies
Beginner

Cisco ASA 5508-X Failover issue

Hello all,

 

I was trying to upgrade to the latest Anyconnect version on the ASA pair. I successfully did that, to both of them but in the process, the Primary active FW became as Secondary active to make it back to Primary active I gave the command: " failover lan unit primary". This made it from Secondary active to Primary active. However, the previous Primary standby got disconnected and I am not able to connect to it. I am also not able to console the FW through opengear. The FW is located somewhere else, I am planning to tell someone at that site to physically reboot it? I guess once it comes back it will go back to being Secondary standby. Please suggest whether that's the right way or is there any other options. Thanks in advance.

 

sh failover output:

 

 

Failover On
Failover unit Primary
Failover LAN Interface: folink GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 60 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.9(2), Mate 9.9(2)

Last Failover at: 17:32:53 UTC Nov 20 2019


This host: Primary - Active
Active time: 171662 (sec)
slot 1: ASA5508 hw/sw rev (3.1/9.9(2)) status (Up Sys)
Interface outsidePtera (69.28.35.209): Normal (Waiting)
Interface ousideISP2 (0.0.0.0): Normal (Waiting)
Interface inside (172.16.32.78): Normal (Waiting)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)


Other host: Secondary - Failed
Active time: 5101867 (sec)
slot 1: ASA5508 hw/sw rev (3.1/9.9(2)) status (Unknown/Unknown)
Interface outsidePtera (69.28.35.210): Unknown (Monitored)
Interface ousideISP2 (0.0.0.0): Unknown (Waiting)
Interface inside (172.16.32.77): Unknown (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Unknown/Unknown)
ASA FirePOWER, 6.2.2-81, Unknown, (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Unknown/Unknown)
ASA FirePOWER, 6.2.2-81, Unknown, (Monitored)

 

#ciscoASA #ASA #failover

3 REPLIES 3
Highlighted
VIP Advisor

Re: Cisco ASA 5508-X Failover issue

Technically as per your information this Primary - Failover unit Primary and This host: Primary - Active

 

if you hard reboot other ASA, that will become standby since primary already active here.

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: Cisco ASA 5508-X Failover issue

Ok, just wanted to confirm. I guess the hard reboot is the only option. Will the hard reboot should impact the primary active unit? Also, will the hard reboot cause to lose the configuration on the secondary?
VIP Advisor

Re: Cisco ASA 5508-X Failover issue

hard boot does not impact the Primary at all,  even the secondary lose the configuration this will not impact on the primary.

 

If you are more cautious you can do the below steps :

 

1. Take a backup configuration.

2. at remote end connect console cable and take team viewer control to look the boot process.

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here