cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1640
Views
0
Helpful
4
Replies

Active/Standby ASA5585-X upgrade from 9.1.7 to 9.8.4(26) - Standby goes into Cold Standby

ericnlv
Level 1
Level 1

Hello

 

I have an issue where I am upgrading ASA5585-X Active/Standby pairs from 9.1.7 to 9.8.4(26). Several pairs have been upgraded, and in each case, the Standby device is reloaded first. However, when it reboots, it boots back into a Cold Standby state. The failover history on the Standby shows:

 

  • From Disabled to Negotiation, Set by the Config Command
  • From Negotiation to Cold Standby, Detected an Active mate
  • From Cold Standby to Disabled, HA state progression failed

It remains like this until the Active is reloaded. The problem is that in this state when the Active is reloaded, the Standby has no clue it needs to go Active. As a result, traffic is stopped until the Active has rebooted and is back in the Active state (at which time the Standby figures things out and returns to Standby/Ready)

 

I have looked and cannot find a bug or any info showing the process being followed is incorrect.

 

Has anyone else had this issue/resolved this issue?

 

Thanks!

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Your description of the behavior sounds like it's a bug. I haven't encountered that scenario and your direct upgrade path is supported according to the release notes.

Assuming you started with a healthy failover pair when you encountered this, I would open a TAC case and have them look into it.

View solution in original post

4 Replies 4

johnlloyd_13
Level 9
Level 9

hi,

is the layer 1 on your failover cable good? is this a direct cable between the FW pair?

issue a show interface <failover interface> to verify for any errors/flap.

also post the show failover, show failover state and show failover history output.

Thank you John

 

I have had the same issue on 5 identical pairs of FWs at different locations. I believe it must be a bug of some sort. I will open a case with TAC.

 

I just wanted to post here in case someone had already experienced the same and knew a resolution.

 

Thanks!

Marvin Rhoads
Hall of Fame
Hall of Fame

Your description of the behavior sounds like it's a bug. I haven't encountered that scenario and your direct upgrade path is supported according to the release notes.

Assuming you started with a healthy failover pair when you encountered this, I would open a TAC case and have them look into it.

Thank you Marvin

 

I have had the same issue on 5 identical pairs of FWs at different locations. I believe it must be a bug of some sort. I will open a case with TAC.

 

I just wanted to post here in case someone had already experienced the same and knew a resolution.

 

Thanks!

Review Cisco Networking for a $25 gift card