cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5068
Views
0
Helpful
1
Replies

ASA 5510: Flapping interface

Damian Coverly
Level 1
Level 1

Hi all,

Yesterday one of the interfaces on my firewall started flapping causing havoc to live services. It has now resolved itself and hasn't done it again but my questions is; is this start of something and what can I do to pre-empt it happening again?

The syslog output is:

2012-07-05 14:41:15          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:14: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB

2012-07-05 14:41:15          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:14: %ASA-1-105008: (Primary) Testing Interface DMZ-DB

2012-07-05 14:41:16          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:15: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Passed

2012-07-05 14:41:16          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:15: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB

2012-07-05 14:41:16          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:15: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB

2012-07-05 14:41:16          Local4.Alert          1.*.*.*          Jul 05 2012 14:41:15: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed

This carries on until:

2012-07-05 15:15:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:25: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB

2012-07-05 15:15:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:25: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB

2012-07-05 15:15:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:26: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed

2012-07-05 15:15:45          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB

2012-07-05 15:15:45          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:44: %ASA-1-105008: (Primary) Testing Interface DMZ-DB

2012-07-05 15:15:49          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:48: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Failed

15:15:55          Local4.Alert          1.*.*.*          Jul 05 2012 15:15:54: %ASA-1-104004: (Primary) Switching to OK.

2012-07-05 15:16:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:16:25: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB

2012-07-05 15:16:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:16:25: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB

2012-07-05 15:16:26          Local4.Alert          1.*.*.*          Jul 05 2012 15:16:26: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed

2012-07-05 15:16:35          Local4.Alert          1.*.*.*          Jul 05 2012 15:16:34: %ASA-1-105004: (Primary) Monitoring on interface DMZ-DB normal

And

DC-ASA(config)# sh fail state                       

               State          Last Failure Reason      Date/Time

This host  -   Secondary

               Active         None

Other host -   Primary

               Standby Ready  Ifc Failure              15:15:52 GMT/BDT Jul 5 2012

                              DMZ-DB: Failed

====Configuration State===

        Sync Done

        Sync Done - STANDBY

====Communication State===

        Mac set

DC-ASA(config)#

Any light shed on this would be appreciated.

Regards, Damian.

1 Reply 1

gouravbathla
Level 1
Level 1
Review Cisco Networking for a $25 gift card