03-22-2016 02:06 AM - edited 03-12-2019 12:31 AM
Hello.
I have configure ASA Failover.
failover
failover lan unit secondary
failover lan interface FAILOVER Port-channel2
failover link FAILOVER Port-channel2
failover interface ip FAILOVER 172.16.31.249 255.255.255.248 standby 172.16.31.250
!
interface GigabitEthernet0/4
channel-group 2 mode on
!
interface GigabitEthernet0/5
channel-group 2 mode on
!
After reload primary Unit i type "show failover"
MIRAN-ASA5515-1# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: FAILOVER Port-channel2 (Failed - No Switchover)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 114 maximum
Version: Ours 9.1(6)11, Mate 9.1(6)11
Last Failover at: 00:34:39 MSK Mar 18 2016
This host: Secondary - Active
Active time: 386917 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.1(6)11) status (Up Sys)
Interface management (0.0.0.0): No Link (Not-Monitored)
Interface MANAGE (10.0.0.4): Normal (Not-Monitored)
Interface OUTSIDE (195.19.208.250): Normal (Waiting)
Interface DMZ (195.19.208.242): Normal (Waiting)
Interface INSIDE (172.28.4.2): Normal (Waiting)
Interface IPSEC (172.28.5.2): Normal (Not-Monitored)
Other host: Primary - Failed
Active time: 436 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.1(6)11) status (Unknown/Unknown)
Interface management (0.0.0.0): Unknown (Not-Monitored)
Interface MANAGE (10.0.0.5): Unknown (Not-Monitored)
Interface OUTSIDE (195.19.208.252): Unknown (Monitored)
Interface DMZ (195.19.208.243): Unknown (Monitored)
Interface INSIDE (172.28.4.3): Unknown (Monitored)
Interface IPSEC (172.28.5.3): Unknown (Not-Monitored)
And i can not connect to primary Unit.
How can I fix this?
Best regards,
Slava
Solved! Go to Solution.
03-22-2016 02:25 AM
Hi,
In that case please reload the primary ASA and then check.
Regards,
Aditya
03-22-2016 02:14 AM
Hi,
It can be an issue with the failover link between the ASA's.
Are you able to ping the failover IP's from the respective
On the primary ASA can you share the show crash and show blocks output ?
Regards,
Aditya
Please rate helpful posts.
03-22-2016 02:21 AM
Hi.
Primary asa don't answer on ping.
MIRAN-ASA5515-1# show failover interface
interface FAILOVER Port-channel2
System IP Address: 172.16.31.249 255.255.255.248
My IP Address : 172.16.31.250
Other IP Address : 172.16.31.249
MIRAN-ASA5515-1# ping
MIRAN-ASA5515-1# ping 172.16.31.249
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.31.249, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
I don't can connect to primary unit.
Slava
03-22-2016 02:25 AM
Hi,
In that case please reload the primary ASA and then check.
Regards,
Aditya
03-23-2016 12:40 AM
After reload all works.
Thanks for you help.
Slava
03-23-2016 12:45 AM
Hi Slava,
Glad it resolved the issue.
Regards,
Aditya
Please rate helpful posts and mark correct answers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide