10-24-2011 09:02 AM - edited 03-11-2019 02:41 PM
Below is the show failover output from my secondary firewall. I am using 2 Cisco ASA 5520s for active/standby failover. The cable between the failover interfaces is a straight cable. Can somebody help me figure out why the interfaces are in a waiting state, especially the outside interface?
Failover On
Failover unit Secondary
Failover LAN Interface: bds-failover GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.2(1), Mate 8.2(1)
Last Failover at: 09:32:25 UTC Oct 20 2011
This host: Secondary - Standby Ready
Active time: 140 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
Interface outside (10.10.10.11): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
Interface inside (192.168.6.2): No Link (Waiting)
slot 1: empty
Other host: Primary - Active
Active time: 12768 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
Interface outside (10.10.10.10): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
Interface inside (192.168.6.1): No Link (Waiting)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : bds-failover GigabitEthernet0/2 (up)
Stateful Obj xmit xerr rcv rerr
General 1675 0 3403 0
sys cmd 1672 0 1672 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 3 0 1731 0
Xlate_Timeout 0 0 0 0
VPN IKE upd 0 0 0 0
VPN IPSEC upd 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 17 17077
Xmit Q: 0 1 1741
Thanks
Pratik
10-26-2011 08:44 AM
This is interesting :-). Couple of tests....
1. Try with xover cable between ASAs.
2. Make a change on primary and see if that replicates to secondary (with HP switch in place).
If all seems good, then this may be a cosmetic bug with OS. I do not see any bug for 8.2(1) but there is something related to 8.2(2) if not the same. Check the bug# CSCte79575.
I suggest you contact TAC.
Thx
MS
10-26-2011 08:47 AM
MS,
I have made changes on primary and it does replicate in secondary. So replication is good.
I think I will contact TAC now. Will keep you posted.
Thanks,
Pratik
10-26-2011 09:06 AM
Sure. Also, if not done yet, you can try to remove the cable from the 3900 where the Pri ASA is connected and see if the secondary takes over. That way you can make sure that your failover works with no issues.
Thx
MS
10-26-2011 12:47 PM
MS,
Failover works perfectly now!!!
I had to use a switch between the 2 Cisco 3900s and the 2 firewalls. All interfaces of the switch are part of the same VLAN.
Thanks for all your help!!!
Regards,
Pratik
10-26-2011 01:15 PM
Glad to hear that. Thanks for the update.
Thx
MS
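The interface states in the `show failover` output from the first post can be checked mechanically. The following is an added example, not code from the posters or from Cisco; the function names are hypothetical and the sample is trimmed from the output quoted above. It flags every monitored interface that is not plain `Normal` and lists interfaces stuck in `Normal (Waiting)` on both units.

```python
import re

# Constructed sample: trimmed from the `show failover` output in the first post.
SAMPLE = """\
This host: Secondary - Standby Ready
Interface outside (10.10.10.11): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
Interface inside (192.168.6.2): No Link (Waiting)
Other host: Primary - Active
Interface outside (10.10.10.10): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
Interface inside (192.168.6.1): No Link (Waiting)
"""

HOST_RE = re.compile(r"^\s*(?:This|Other) host:\s*(\S+)\s*-\s*(.+?)\s*$")
IFACE_RE = re.compile(r"^\s*Interface (\S+) \(([^)]*)\):\s*(.+?)(?:\s*\(([^)]+)\))?\s*$")

def parse_failover(text):
    """Map unit name -> {"state": str, "interfaces": {name: (ip, status, detail)}}."""
    units, current = {}, None
    for line in text.splitlines():
        host, iface = HOST_RE.match(line), IFACE_RE.match(line)
        if host:
            current = units.setdefault(host.group(1), {"state": host.group(2), "interfaces": {}})
        elif iface and current is not None:
            name, ip, status, detail = iface.groups(default="")
            current["interfaces"][name] = (ip, status, detail)
    return units

def findings(units):
    """Return (unit, interface, note) for every interface that is not plain 'Normal'."""
    out = []
    for unit, info in units.items():
        for name, (ip, status, detail) in info["interfaces"].items():
            if status != "Normal":
                out.append((unit, name, f"{status}: check link, cable and switch port"))
            elif detail == "Waiting":
                # Assumed meaning (Cisco docs): link up, no hello from the peer's interface yet.
                out.append((unit, name, "up, but no hello from peer interface"))
    return out

def waiting_on_all_units(units):
    """Interfaces 'Normal (Waiting)' on every unit: suspect the L2 path between the units."""
    per_unit = [{n for n, (_, s, d) in u["interfaces"].items() if s == "Normal" and d == "Waiting"}
                for u in units.values()]
    return sorted(set.intersection(*per_unit)) if per_unit else []

if __name__ == "__main__":
    print(findings(parse_failover(SAMPLE)), waiting_on_all_units(parse_failover(SAMPLE)))
```

An interface reported by `waiting_on_all_units` has link on both firewalls but neither side hears the other, which is the condition the thread resolved by putting both units' interfaces on a switch in the same VLAN.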