07-06-2012 04:41 AM - edited 03-11-2019 04:27 PM
Hi all,
Yesterday one of the interfaces on my firewall started flapping, causing havoc to live services. It has now resolved itself and hasn't done it again, but my question is: is this the start of something, and what can I do to pre-empt it happening again?
The syslog output is:
2012-07-05 14:41:15 Local4.Alert 1.*.*.* Jul 05 2012 14:41:14: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 14:41:15 Local4.Alert 1.*.*.* Jul 05 2012 14:41:14: %ASA-1-105008: (Primary) Testing Interface DMZ-DB
2012-07-05 14:41:16 Local4.Alert 1.*.*.* Jul 05 2012 14:41:15: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Passed
2012-07-05 14:41:16 Local4.Alert 1.*.*.* Jul 05 2012 14:41:15: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 14:41:16 Local4.Alert 1.*.*.* Jul 05 2012 14:41:15: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB
2012-07-05 14:41:16 Local4.Alert 1.*.*.* Jul 05 2012 14:41:15: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed
This carries on until:
2012-07-05 15:15:26 Local4.Alert 1.*.*.* Jul 05 2012 15:15:25: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:15:26 Local4.Alert 1.*.*.* Jul 05 2012 15:15:25: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB
2012-07-05 15:15:26 Local4.Alert 1.*.*.* Jul 05 2012 15:15:26: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed
2012-07-05 15:15:45 Local4.Alert 1.*.*.* Jul 05 2012 15:15:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:15:45 Local4.Alert 1.*.*.* Jul 05 2012 15:15:44: %ASA-1-105008: (Primary) Testing Interface DMZ-DB
2012-07-05 15:15:49 Local4.Alert 1.*.*.* Jul 05 2012 15:15:48: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Failed
15:15:55 Local4.Alert 1.*.*.* Jul 05 2012 15:15:54: %ASA-1-104004: (Primary) Switching to OK.
2012-07-05 15:16:26 Local4.Alert 1.*.*.* Jul 05 2012 15:16:25: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:16:26 Local4.Alert 1.*.*.* Jul 05 2012 15:16:25: %ASA-1-105008: (Secondary) Testing Interface DMZ-DB
2012-07-05 15:16:26 Local4.Alert 1.*.*.* Jul 05 2012 15:16:26: %ASA-1-105009: (Secondary) Testing on interface DMZ-DB Passed
2012-07-05 15:16:35 Local4.Alert 1.*.*.* Jul 05 2012 15:16:34: %ASA-1-105004: (Primary) Monitoring on interface DMZ-DB normal
And
DC-ASA(config)# sh fail state
               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Standby Ready  Ifc Failure              15:15:52 GMT/BDT Jul 5 2012
                 DMZ-DB: Failed
====Configuration State===
        Sync Done
        Sync Done - STANDBY
====Communication State===
        Mac set
DC-ASA(config)#
Any light shed on this would be appreciated.
Regards, Damian.
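One way to watch for a repeat of the pattern in the syslog output above is to count the 105005 messages per unit and interface and record any 105009 test that ends in "Failed". This is an added example, not part of the original post; the sample lines are constructed in the same layout as the post's, and the 5-minute window and threshold of 3 are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# search() is used, so the syslog-server prefix in front of the ASA timestamp is tolerated
LINE = re.compile(r"(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(\d{6}): \((Primary|Secondary)\) (.*)")
IFACE = re.compile(r"[Ii]nterface (\S+)")

# Constructed sample lines, same layout as the syslog output in the post
SAMPLE = """\
2012-07-05 15:14:45 Local4.Alert 1.*.*.* Jul 05 2012 15:14:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:14:46 Local4.Alert 1.*.*.* Jul 05 2012 15:14:45: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Passed
2012-07-05 15:15:15 Local4.Alert 1.*.*.* Jul 05 2012 15:15:14: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:15:26 Local4.Alert 1.*.*.* Jul 05 2012 15:15:25: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:15:45 Local4.Alert 1.*.*.* Jul 05 2012 15:15:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ-DB
2012-07-05 15:15:49 Local4.Alert 1.*.*.* Jul 05 2012 15:15:48: %ASA-1-105009: (Primary) Testing on interface DMZ-DB Failed
2012-07-05 15:15:55 Local4.Alert 1.*.*.* Jul 05 2012 15:15:54: %ASA-1-104004: (Primary) Switching to OK.
"""

def parse(text):
    """Return (timestamp, message id, unit, interface or None, message) per ASA line."""
    events = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ASA failover line in the expected layout
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg = m.group(4).strip()
        iface = IFACE.search(msg)
        events.append((ts, m.group(2), m.group(3), iface.group(1) if iface else None, msg))
    return events

def summarize(text, window=timedelta(minutes=5), threshold=3):
    """Per (unit, interface): 105005 count, densest burst, failed 105009 tests."""
    lost, failed = defaultdict(list), defaultdict(list)
    for ts, msg_id, unit, iface, msg in parse(text):
        if msg_id == "105005":
            lost[(unit, iface)].append(ts)
        elif msg_id == "105009" and msg.endswith("Failed"):
            failed[(unit, iface)].append(ts)
    report = {}
    for key, times in lost.items():
        times.sort()
        # Largest number of 105005 events that fall inside any one window
        burst = max(sum(1 for t in times[i:] if t - times[i] <= window) for i in range(len(times)))
        report[key] = {"lost": len(times), "max_in_window": burst,
                       "flapping": burst >= threshold, "failed_tests": failed.get(key, [])}
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```
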
07-06-2012 05:27 AM
Please go through
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1051759
Hope this helps you.