Beginner

Cisco ASA unit failed.

What triggers a Cisco ASA unit to be failed? The primary firewall was acting in the active role and the secondary was acting in the standby role. On failure of one interface on the primary firewall, the unit was declared as failed and the secondary firewall automatically switched over to the active role. In this scenario failover worked as expected, but I don't know why the primary unit was declared as failed on one interface failure.

I would like to know whether failure of a single link connected to an interface makes the unit fail. If not, how many interfaces must be down for a unit to be failed?

4 REPLIES 4
VIP Mentor

Cisco ASA unit failed.

That is all controlled with the failover-commands. With "show failover" you can see the actual settings of your ASA.

The options are described in the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_active_standby.html#wp1074591

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Beginner

Cisco ASA unit failed.

The unit can fail if too many monitored interfaces fail, but in my case only one monitored interface has failed. I don't know why the unit is showing as failed.

Cisco Employee

Cisco ASA unit failed.

Hi,

What happened here is that we:

stopped receiving HA hellos on that interface

started interface testing as mentioned below:

https://supportforums.cisco.com/docs/DOC-2469

Then the interface was marked as failed and failover happened. Notice that the default is to fail over if we have one failed interface.

Mohammad.

Beginner

Re: Cisco ASA unit failed.

Hi samarjit,

An interface check is always done by both units in failover through an exchange of hello packets. Failover would occur if

1) a monitored interface fails

2) the standby unit gets to know that its peer has fewer active interfaces than it currently has, and since it has more active interfaces, it becomes active.

I think the 2nd option applies to your case.

Thanks

Sent from Cisco Technical Support iPhone App
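The replies above point to the failover commands and to the default of failing over on one failed monitored interface. As an added example (not posted by any participant in this thread), the ASA commands that control that threshold and which interfaces are monitored look like this; the interface name `dmz` is an assumption, and the threshold lines are alternatives, not a sequence to paste as a whole:

```cisco
! Constructed example; the interface name "dmz" is an assumption.

! Default behaviour: the unit is marked failed when ONE monitored
! interface fails its health tests.
failover interface-policy 1

! Alternative: require two failed monitored interfaces before the
! unit is marked failed.
failover interface-policy 2

! Alternative: express the threshold as a percentage of the
! monitored interfaces.
failover interface-policy 50%

! Exclude an interface from health monitoring so that its failure
! alone does not count toward the threshold.
no monitor-interface dmz

! Verify the current policy, the monitored interfaces and their state.
show failover
show monitor-interface
```

Raising the threshold means the active unit keeps forwarding with a dead interface, so exclude only interfaces whose loss is acceptable.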
