Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
0
Helpful
1
Replies

2130 ASA mode management interface failover problem

MARTIN HUERTER
Level 1
Level 1

‎07-08-2019 12:12 PM

I have an Active/Standby pair of 2130 appliances that is having a problem with the management interfaces when failing over from the primary to the secondary. When failover is invoked, the IP Address of the primary does not move to the standby and is unreachable. When I console into the primary 2130, it is up and functioning as the primary, but cannot access via ssh. When the secondary comes back (was intially the primary and now the secondary) I can ssh to the standby IP Address, but not the primary IP Address. Wondering if anyone else has experienced this also? 

 

This is how I have the management interfaces and failover configured. 

 

PRIMARY 2130
interface Management1/1
management-only
mac-address 12ff.0000.0005 standby 12ff.0000.0006
nameif management
security-level 100
ip address 192.168.1.10 255.255.255.0 standby 168.192.1.11

route management 0.0.0.0 0.0.0.0 192.1168.1.1 1

failover
failover lan unit primary
failover lan interface FAILOVER Port-channel3
failover polltime unit 1 holdtime 3
failover polltime interface 3 holdtime 15
failover replication http
failover link FAILOVER Port-channel3
failover interface ip FAILOVER 1.1.1.1 255.255.255.252 standby 1.1.1.2


SECONDARY 2130
interface Management1/1
management-only
mac-address 12ff.0000.0005 standby 12ff.0000.0006
nameif management
ip address 192.168.1.10 255.255.255.0 standby 168.192.1.11

route management 0.0.0.0 0.0.0.0 192.1168.1.1 1

failover
failover lan unit secondary
failover lan interface FAILOVER Port-channel3
failover polltime unit 1 holdtime 3
failover polltime interface 3 holdtime 15
failover replication http
failover link FAILOVER Port-channel3
failover interface ip FAILOVER 1.1.1.1 255.255.255.252 standby 1.1.1.2

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-08-2019 10:56 PM

Only data path interfaces should be setup with standby addresses.

Your ASA management1/1 addresses should not be included in the failover setup. Each management interface should have a unique IP address (and MAC address when using locally administered addresses such as you are using).

When a unit changes role, the management interface address will remain the same. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card